Oh Yes. The sending addresses are usually randomly generated and the emails are pretty simple:
Example you might see:
“Your mailbox has exceeded the storage limit which is 10GB as set by your administrator, you are currently running on 10.9GB,To re-validate your mailbox Click here: or copy this(http://bit.ly/98klp ) and paste it into your browser to increase your mailbox size or you loose your account within 24 hours.”
Are you running McAfee GroupShield in your environment? These detections should be pretty easily caught on the server side.
If not, the on-delivery email scanner in VirusScan would catch any malicious attachments. You can also enable some of the Access Protection rules in Virusscan like to block malicious code from running in the browser’s temp directory.
Hope that helps!