A clever phishing campaign has been spotted that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in.
A typical credential-stealing phishing scam consists of an email where the attacker tries to convince the user to click a link in order to retrieve a document or prevent something from happening. These links will then bring the user to a web site, or landing page, that includes a login form where the user must enter their login credentials to proceed.
With this type of attack, users can either detect the scam by the contents of the email, by a suspicious remote site and landing page, or by alerts from security solutions.
Let's show login form locally instead
To prevent users from becoming suspicious when they are redirected to a site with a strange domain or URL, a clever scammer decided to generate the phishing scam directly in the user's browser without going to a remote site.