We see lots of phishing attempts. I don’t often see Absa bank phishing in UK
They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment.
Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com >. That is why these scams and phishes work so well.
The email looks like:
From: Absa Online <email@example.com>
Date: Sun 10/09/2017 06:28
Subject: Update your Absa Account to avoid suspension
Dear Valued Customer
You are receiving this email because the Phone number we have on file for you within Absa Online was not up-to-date.
Download the attached document for the update.
We take your security very seriously. To help keep your Online Banking information safe.
Absa Online Team
Absa is an Authorised Financial Services Provider and Registered Credit Provider, registration number: NCRCP7. This e-mail and any files transmitted with it may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Absa. Any views or opinions presented are solely those of the author and do not necessarily represent those of Absa. This e-mail is subject to terms available at the following link: http://www.absa.co.za/disclaimer. The Disclaimer forms part of the content of this email. If you are unable to access the Disclaimer, send a blank e-mail firstname.lastname@example.org and we will send you a copy of the Disclaimer. By messaging with Absa you consent to the foregoing. By emailing Absa you consent to the terms herein. This email may relate to or be sent from other members of the Absa Group.
This email has an HTML ( webpage) attachment That when double clicked will display a page looking like this
Which is an almost identical copy of the genuine ABSA bank log on page, except the phishers also want your password & mobile number.The keypad doesn’t seem to work ( The genuine Absa bank uses an on screen keypad to supposedly avoid keyloggers detecting normal keyboard entries)
After you input any details & press next, you are forwarded to the genuine ABSA bank home page while sending your details silently to the phisher at http://www.pierrejoseph.org/Archive0001/assets/img/Absa2/continue.php which has obviously been compromised ( the home page has an Offline for Maintenance message)
The url “http://www.pierrejoseph.org/Archive0001/assets/img/Absa2/” is an identical copy of the html file screenshot, so there are almost certainly versions of this phish with a link not a html attachment.
pierrejoseph.org appears to be the website for a Canadian religious organisation First Christian Church of Ottawa É(glise Primitive (FCPO) )hosted by Godaddy on 126.96.36.199. There are a quite a few entries over the last month or so on urlscan.io for this domain and phishing attempts 
We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.