Hi, > >> I realize blocking all javascript is prone to error, > > What legitimate email uses javascript? > And more important: which email clients do actually process Javascript > that comes within an email? Thunderbird doesn't since 10 or 20 years > ago. I don't know of any other as well. This phish is probably targeted > to inferior web-based email readers who don't filter Javascript well. > Are there any?
It's not a matter of processing/rendering javascript by default in an email, but someone clicking the ".htm" file, even in Thunderbird, which then renders the HTML/javascript in the browser. In this case, the ".htm" file is a rogue O365 login page.
