Explanation
In this case, the phishing e-mail lures a potential victim with a fake fax message notice.
Instead of having to click on a link, the user is lured to open an attachment which contains the phishing form.
When opening it, the user is presented a fake login where they have to enter their e-mail credentials in order to view the fake fax message.
Finally, after having entered their credentials and clicked on View Document, they are redirected to the Excel Online page in Chrome Web Store.
Example