Replying to @coderbyheart
But that lead to a PDF which itself contained a link to a login form for
Microsoft Credentials, hosted on http://woofooz.com
Now I was suspicious and wrote to the known email of the sender.
And I got a reply right away.
1 reply
Replying to @coderbyheart
Now, the contact would not use this language (they are Norwegian) so I double
checked by SMS and they got p0wned by an attacker who took over their email.