When you click the link, it takes you to
DANGEROUS LINK -- DO NOT CLICK
https://storage.googleapis. com/bjhgy/thefileservers.html#qErNp.FRvLutnulOWxJClRhMLEJWmw?fjMgbPcc27dKcyswNcdcLzcScxSmTd98hcbbb2D
That page has a javascript that checks the url to see if a hash is included and determines whether the hash is >5. If it isn’t, it redirects you to a 404 page. If it’s greater than 5, it is supposed to send you to the start of the phishing page but it doesn’t seem to forward for some reason. The phishing page is at:
DANGEROUS LINK -- DO NOT CLICK
http://thefileservers. com/fjMgbPcc27dKcyswNcdcLzcScxSmTd98hcbbb2D
which claims you owe $1.95 in shipping charges for the packages they are holding. Clicking through that series of forms, it eventually asks for name, address and credit card info.
This page
