Email and phishing page
These pieces of HTML code combine with the fifth that was present in the HTML attachment and open a browser focused on the phishing page:
The code will contain the target email address and will fill out a fake login box to make the phishing page look legitimate. The phishing site also checks the format of the email address and the length of the password, explained Trustwave SpiderLabs researcher Homer Pacag.
Once the victim submits login credentials, they are effectively compromised, and the victim is shown a website that says their account or password information is incorrect and invites them to try to log in again.
Spotting phishing sites
Needless to say, you should always be careful when evaluating unsolicited emails and you should not indiscriminately download and open attachments (or links) contained in them.
You should always look at the URL of any login page they are facing and make sure it is the same one they usually see when accessing the online service.
In addition to remembering passwords, password managers also notice phishing sites well and will refuse to imperceptibly enter the login credentials that are supposedly required.