The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
Technical analysis by the Malware Hunter JAMESWT
New Webmail phishing campaign via “email account full”. The potential victim is lured with a tailored message to open a link and access to a fake provider login page. The goal is to steal credentials
New cybercrime’s Webmail phishing campaign exploits the “email account is almost full” lure. The victim receives an email tailored on his address, about the necessity to upgrade as soon as possible the account.
The link in the message points to a fake provider’s login page, in which is required to digit the email address and the password.
Whatever combination is entered, a message about alleged server errors, asking you to try access again later, will appear. In the meantime, however, the credentials will have been stolen.