So people actually logged into the fake site and used their PIN code too?
Yeah, quite a few people got suckered into it, including a couple that I know of that should have known better. They were so excited about getting 2FA that they didn't think.
Remember people (old and new alike): Never click a link in an email, unless you were expecting the link. And even then, if you get prompted for any information, don't do it. Always type the correct address for a website yourself.
Well I wasn't careful while working today and actually hit a phishing link in an email (not for scrypt.cc though.) I realized what I did right away and was lucky it was only a redirect. However I hit the power on the computer and ran 3 different scanners to ensure I didn't pick up some malware. Scary stuff.