In the past few years, we have seen phishing claim the scalps of major companies: Google, Facebook, LinkedIn, BBC, CNN, The White House, Sony, Sky News, The FBI, HB Gary, RSA Security, Gawker, Al Jazeera, etc.
Despite millions being spent on security products, this simple to execute attack vector reaps massive rewards. Appliances and self-hosted software are looking for 0day and network attacks, but the actual threat to most organisations is the front door (i.e. email phishing).
(The repercussions of the attacks have been huge too.. from seriously damaged credibility to literal drops in stock prices [The Washington Post – Syrian hackers claim ap hack that tipped stock market by $136 billion. Is it terrorism?])