This morning I received an email from my "administrator" saying that I needed to validate my email address within the next 48 hours or my email account would be suspended. Seeing as how I'm my own email administrator, I couldn't remember sending out such a message, I decided that this was likely spam. I'm always interested in seeing how these attacks are actually going to be played out so I clicked on the link.
Neat, Microsoft-y looking screen! And it looks like the backend is WordPress! It looks like the attacker is using the account system in WordPress to collect the information. When you submit your information for validation you get this response:
I'm guessing my address will not be closed down, since I did not provide my correct email information. I don't know, maybe I'll disable my own email... you know, just for the weekend.