Explanation
Threat actors are using a Post.lu theme to collect email credentials.
The phishing mail leads the user to believe that a new invoice arrived. By opening the attachment and clicking on the link -Protection- the user is redirected to the phishing landing page. On this landing page the user is asked to enter their Post.lu email credentials.
Example