This is a write-up of how the Syrian Electronic Army hacked The Onion using spear-phishing. In summary, they phished Onion employees’ Google Apps accounts via 3 separate methods. From examining the details of this incident, as well as those affecting the AP, Guardian and others, it’s clear that the SEA is not using complex methods of attack. All of the hacks so far have been a result of simple phishing, or possibly dictionary attacks—all of which are preventable with a few simple security measures.
I recommend you read their blog post, learn from their mistakes and don't let this happen to you!