The war for talent is far-reaching, extending onto college campuses as students look for summer work. Especially in tech, stories of unpaid interns are a thing of the past as companies are more often willing to offer high pay for internships.

Earlier this week, Glassdoor released its list of the highest-paying internships in the U.S. Interns at Facebook top the list, bringing in a median monthly income of $8,000, followed by Microsoft at $7,100 and ExxonMobil at $6,507. The companies rounding out the bottom of the top 25 — Deutsche Bank, AIG and Bank of America — gave interns a median monthly pay of about $4,600. 

That may seem a fair sum by any standard, but put another way, if those interns were full-time employees the median annual salaries would be anywhere from to $55,000 to $96,000. By comparison, the median annual salary for a U.S. worker is $51,450, or about $4,300 per month.  

With opportunities like that, some students may be enticed to change careers. The salaries are far more than many expect (I'm looking at you $10 per hour, 40 hours per week internships in high-cost metropolitan areas). 

High-paying internships are not a shock to employers in the tech industry. Companies shape and mentor interns in the hope they will eventually join their teams.

No longer can organizations wait until graduation to appeal to tech expertise, particularly since recent data shows IT leaders will face a lack of tech talent within the next 12 months. 

The increased spending for interns at companies located in Silicon Valley and other high-cost areas is also important. Interns would find it challenging to pay for summer rent in tech hubs in the U.S., places where job seekers are getting priced out of the region and looking for work elsewhere. 

With an ultra-competitive tech environment, unhappy talent could easily move onto the next, potentially-higher paying job. Interns on the highest-paid list aren't fetching coffee. Companies are giving them real responsibilities and projects, allowing them to contribute rather than acting as support for full-time staff. For those companies, their investment will pay off in the long run. 

One macro thing

Friday marks World Password Day, a chance for security experts everywhere to reflect on just how weak passwords used to protect private and sensitive data are. Time and again lists reveal the most common passwords in use are "123456" and "password." Not to be left out, "google" and "666666" are also quite popular. 

Experts may have a slew of recommendations, but companies providing services also have to step up. As password manager provider Dashlane notes, if a password portal does not require robust security, it is not likely that a user will come up with a strong password. 

Vendor security standards aside, what are basic password habits to employ? Rather than sticking with the minimum required characters for a password, use between 12-15 characters, mixing in letters, numbers and symbols. Easy substitutions like "@" instead of "a" and "3" instead of "E" can go a long way. 

But considering on average 95 passwords are stolen per second, the safest, most-paranoid bet may be to never repeat the same password across any platform. Or, just use a password manager. (One expert even recommends writing passwords down). 

One micro thing

CEOs really do make the best sales professionals. Earlier this week in a conversation with Jim Cramer on CNBC, Apple CEO Tim Cook touted the health benefits of the Apple Watch crediting the device with helping with his weight loss. 

Cook announced Apple's intention to create a $1 billion fund to promote advanced manufacturing in the U.S., he also said the Apple Watch has been an "incredible move into health, in the wellness and fitness piece." When asked if the technology also benefited him, Cook  said, "yes, for me too. I've lost 30 pounds."

One last thing

Earlier this week, approximately one million people were subject to a mass phishing attack, targeting users from a variety of industries. Disguised as what looked like a Google Doc, when clicked the user was asked to allow an application that looks legitimate access. 

The phishing attack went viral and emails were sent across offices all around warning of the potential dangers of clicking on attachments from unknown senders. Had users investigated into the sender's email address, they would have found the emails was from '[email protected].'

But the attack is nothing new to Google, Motherboard reports. Six years ago researchers speculated that malicious actors could fool unsuspecting users into giving access to their accounts my pretending to be a legitimate app. On Wednesday an attack practically mirroring that method targeted thousands of users. Luckily, Google was quick to respond by blocking the scheme. 

Had the attack not gone viral, perhaps the malicious actors could have claimed more victims. 

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX

— Zach Latta (@zachlatta) May 3, 2017