We’re seeing this phishing attack over and over this week.
Your first clue that something is wrong is it doesn’t look like voicemail emails you might typically receive. Unless you have a brand new voicemail/phone system these shouldn’t change format!
The second clue is that it’s an HTML file. That should make you wonder.
It’s actually quite clever because as an HTML file, it opens in your webbrowser, which then connects to a webserver and executes code from that website. The actual attachment itself doesn’t have any bad code, so your basic antivirus will PASS it. It’s the website it takes you to that does the harm.
The nasty business is that it takes you to a Office 365 login page, harvests your login details and uses those to cause more harm.