Mark Wade at CA recently posted a neat article about what happens when you respond to a spam message. Check out some of Mark’s other posts as well. Lots of good stuff there for our users, but in a forum where your typical end-user is not likely to be found.
I will occasionally chase down phishing messages (and populate with bogus data) just to see how elaborate the phish is, so I can warn our users. There have been a few recently that have been particularly well crafted, and thus pose a higher threat, as the deception is far more effective.
Just a reminder for your users, unless your bank is run by a bunch of idiots, they won’t e-mail you out of the blue. If they do, it’s time to change banks.