The emails contain a link to a legitimate but compromised web page that masquerades as the page for the billing and payment services of the provider:
If the victim fails to notice the unusual URL of the page, he/she will be giving over to the phishers a great amount of personal and financial information that can be effectively used to steal their identity and their money.
After the victims have entered and confirmed the information, the page redirects them to the legitimate site of the provider, thus making the illusion complete.
netizens left a footprint.