ZDNet: This strange new phishing attack uses a surprise bill to trick you into clicking

Researchers uncover a campaign which uses SHTML files - commonly associated with web servers - to direct users to malicious, credential-stealing websites.