There's been a raft of phishing attacks against Universities over the last few months. We received a couple of thousand of these last night:
Subject: CONFIRM YOUR EMAIL ADDRESS Date: Tue, 6 May 2008 16:08:53 -0400 From: CAM SUPPORT TEAM
Reply-To: Dear Cam Subscriber, To complete your (CAM) account, you must reply to this email immediately and enter your password here (*********) Failure to do this will immediately render your email address deactivated from our database. You can also confirm your email address by logging into your CAM account at www.webmail.cam.ac.uk/ Thank you for using CAM.AC.UK! FROM THE CAM SUPPORT TEAM
We did the usual announcement dance, including a notice on the webmail login page, but this did not prevent some users (including webmail users!) from replying to the phish.
👤captain_aj suggests scanning email to reject it if it contains the user's password. I wonder how long it would take to crypt() every word of every message... :-)