The phishing email and page
These HTML code chunks are combined with a fifth one that was present in the HTML attachment, and together they open a browser pointed to the phishing page.
The code will contain the target’s email address and will populate the fake sign-in box to make the phishing page seem legitimate. The phishing page also validates email address format and password length, Trustwave SpiderLabs researcher Homer Pacag explained.
Once the victim submits the login credentials, they are effectively compromised, and the victim is shown a web page saying that their account or password info is incorrect and urging them to try to log in again.
Spotting phishing pages
Needless to say, you should always be careful when evaluating unsolicited emails and should not indiscriminately download and open attachments (or links) found in them.
You should also always look at the URL of any login page you are faced with and check whether it’s the same one you usually see when accessing an online service.
Aside from remembering passwords, password managers are also good at spotting phishing pages and will refuse to seamlessly enter login credentials that are supposedly required.
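A simplified sketch of the address check behind that behaviour, as an added example that is not from the original article or from any particular password manager. It assumes credentials are matched on the exact origin; the saved entry, the function name and every URL are constructed for illustration.

```javascript
// Saved login, keyed by the exact origin it was stored for (constructed entry).
const SAVED_LOGINS = [
  { origin: "https://login.example.com", username: "alice@example.com" },
];

// Return the saved login only when the page's origin matches exactly.
// loginForPage is a hypothetical helper, not a real password-manager API.
function loginForPage(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparsable address: never fill
  }
  // A page opened from a local HTML attachment loads as file://, and plain
  // http:// is unauthenticated; neither can match a saved https origin.
  if (url.protocol !== "https:") return null;
  // url.origin is scheme + host + port after normalisation, so userinfo
  // tricks and internationalised lookalike hosts are resolved before comparing.
  return SAVED_LOGINS.find((entry) => entry.origin === url.origin) || null;
}

// Constructed sample addresses: one genuine page and several lookalikes.
const SAMPLES = [
  "https://login.example.com/signin?next=/inbox",                // genuine
  "https://login.example.com.account-verify.example.net/signin", // real name used as a subdomain prefix
  "https://login.example.com@phish.example.net/signin",          // real name placed in the userinfo part
  "https://login.ex\u0430mple.com/signin",                       // Cyrillic "a" homoglyph in the host
  "http://login.example.com/signin",                             // right host, wrong scheme
  "file:///C:/Users/alice/Downloads/invoice.html",               // local HTML attachment
];

for (const sample of SAMPLES) {
  const match = loginForPage(sample);
  console.log(match ? "fill  " : "refuse", sample);
}
```

Only the first address is filled; each of the others looks similar to a person reading it but fails the exact comparison.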