What is new about this scam?
As i mentioned earlier that it is almost similar to the old one but the only striking difference is that it has got an attachment along with a mail.The attacker has used the skills of social engineering to make the user believe that the mail is from the "GOOGLE" itself.Take a look at the mail below......
Check the source code of the attachment(html file),use ctrl + f to find "action=" use without quotes then u will find something different to that of the original page.
which means when the user enter any values in the login field of the fake page(attachment) then it sends the values to a "serviceloginAuth.php" on an external domain for the attacker and the website under this domain is registered to someone in Sremska Kamenica, Serbia-said Tom Kelchner of sunbelt.
If you find this post worth reading then do drop a comment ,it will be appreciated .