Email-based phishing is used by bad actors to trick their targets into going to websites designed to collect confidential information, downloading attachments containing malware, or clicking links redirecting to malware-laden attachments. An innovative new approach to run a phishing campaign observed by Doctor Web’s researchers also has the advantage of circumventing the spam filters built into email servers and clients, besides tricking the receivers into thinking they’re receiving official newsletter subscription messages. The emails are from companies with a worldwide presence such as Audi, Austrian Airlines, and S-Bahn Berlin, with a’money for you’ header in Russian.
Source: https://www.bleepingcomputer.com/news/security/phishing-scheme-uses-legit-signup-forms-to-steal-payment-card-data/