1. When was this study conducted? I remember a story like this from somewhere around 2008. A lot has changed since then. In fact, I recall that during my onboarding at a medium-size tech company, it was an explicit part of the company's security training curriculum.
2. I think you may actually have it backwards. I would imagine the engineering group at Twitter (the people who have important credentials) is in some ways more paranoid, or at least more technically savvy and therefore more aware than many of the people at the FBI.
Comparatively, CERN does a phishing study from time to time [1] and the campaigns are in line with current expectations: People fall for phishing, and security training has only a short-term effect on phishing. Unfortunately I can't find the real results right now.
We once had a bachelor's thesis comparing the results over multiple years, and the results were mostly stable. (Years are mid 2010s).