Hello everyone. I’m new here and I’m posting to report a phising email I’ve received on my inbox. It consists of an email allegedly coming from CargoSmart, and attaches a HTML file imitating the login page of SharePoint: https://orca.pet/tmp/phisingreport/awb.png
The email then POSTs the data to https://www.treelains.com/web/page.php which forwards the user to the actual Microsoft login page.
The HTML they send is available at https://orca.pet/tmp/phisingreport/AWB%20Invoice.html, and the original email with headers is at https://orca.pet/tmp/phisingreport/awb.eml.