I came across this phish the other day and it is quite compelling. It seems that resorting to sarcasm is the latest social engineering attack for luring users into supplying their credentials:
Do you think we are joking, the username and password which you provide is not correct, we are contacting you to inform you that your <domain> mailbox has exceeded to 90% of its quota. And when it reaches 100%, new messages will be rejected and bounce back to the sender. To avoid missing mail, please keep your mailbox at a reasonable size. Fill the below: provide the below completely and correctly, because the info you provide to us we can’t reset your <domain> because is not the correct info. Note we are contacting you for the last time.
Date of Birth:
The reply to email address was obviously not from within the organisation. I am pleased to say that no Otago users responded.