A new phishing campaign has been spotted that bundles the scam’s landing page in the HTML attachment rather than redirecting users to another site that asks them to log in. This method was noticed by ISC Handler Jan Kopriva, who stated that they received a generic phishing email stating “Please find attached a copy of your payment notification”” and containing an HTML attachment named ‘payment.html’ The scam is simply an HTML file with a large amount of obfuscated JavaScript
Source: security