Yup, I also notified @blueskysupp.bsky.social with the info. Looks like it's just part of the "first phase" of a phishing scam that starts with getting BS passwords. If users use the same password for the email address they use of their BS account then that could be trouble.