This is the second of these I've seen in as many weeks, identical format, so someone out there is obviously offering this as a Phishing Kit
This starts off with the completion of a website contact form asking for "details or "pricing" or some other generic terminology. This should be a red flag 🚩 because it is too generic. It's what is termed "response-based phishing", that is: something that appears harmless but is designed to open communications and generate a conversation
Then the phisher gets a response from the organisation asking for more details or specifics of the enquiry and then the hammer drops. The phisher responds with an email along the lines of "here are more details" and includes an htm file which, when opened, looks like the image below:
Anyone using MS365 and therefore Sharepoint might spot that this doesn't look right but those that don't might not
The main red flag though should be that:
🚩 What is supposed to be a download link actually opens a fake MS365 login page. This is designed to steal credentials, whereafter the phisher logs in to the MS365 account and changes the password and can then operate as the original user, sending phishing emails and other nefarious actions
Certain types of MFA/2FA can even be bypassed with these attacks so be careful out there!