This week, we uncovered an "eFax" email across multiple organizations. The email comes across as an eFax with a link to view documents.
The subject of the email reads: Doc(s) Daily delivery #-0003351977
When you click on the link in the email, it leads directly to a sign-in page that steals your credentials.
Here's what it looks like: