I found this article about the Syrian Electronic Army hacking The Onion fascinating. They pulled it off with phishing. In particular, they embedded malicious links in friendly sounding email. Once they got a few people to bite, they used those compromised email accounts to double down and phish more employees using their friends' emails. This really makes me question the use of embedded links in email. They are so convenient but also so easy to abuse.
There are some tools in Apple mail to expose a link before opening it. Regardless, be careful out there. (Link found via John Gruber).