The latest scam someone that works with me fell for - I hope I just prevented the rest of my company from falling for (will know tomorrow). Firstly we use fucking imap, secondly how the fuck did you email me to tell me I can't receive emails???

Still pretty well executed.

Any one interested in some real world pen testing on site that wont report you (check for shared hosts - someone else will) feel free to fuck with the link that was in the mail...

[http://] securitycheckupdateaccount.dropbd.com/config/settings-2.php?email= [insert fake email address]

Ahh come on. He spelt server wrong and his email address is noreply@demon.com. How do you fall for that. On a side note. You can report that demon.com domain to its registra (grab from a whois lookup). I have had a few scam sites shutdown like that

@InterferenceObj
It could be spoofed, No SPF or dmarc present.

@Linux true true