We seem to be missing the boat on security awareness of phishing attacks: it’s not just for bank and credit card accounts anymore.  This article notes the “DHL,” “tax refund,” and similar queries.  I would have thought these were obvious, but they seem to be the most successful ways to get spear phishing and APT information.