While reviewing my last findings today, I found a phishing email that delivered a classic .shtml file called "PROFORMA INVOICE.shtml". Right now, nothing special, emails like this one are widespread. When you open the file in a sandbox, it reveals a classic form:

Phishing Kit Collecting Victim's IP Address, (Sat, May 20th)
This post was originally published on this site