A new phishing campaign is underway that utilizes EML attachments that pretend to be a received voicemail and prompts you to login to retrieve it. This campaign also uses a clever tactic of tricking you into entering your password twice in order to confirm that you are providing the correct account credentials. Email security firm EdgeWave has confirmed that this is being done to double-verify the password and that it is not currently a common practice. Phishing expert NullCookies also told BleepingComputer that only a “subset of kits do that”””
Source: https://www.bleepingcomputer.com/news/security/voicemail-phishing-campaign-tricks-you-into-verifying-password/