On surfing the embedded links, the browsers was forced to visit the malicious domain as presented below:
This page contains obfuscated malicious iframe that renders dynamically to load a plugin detection script from third-party domain that fingerprinted the users' environment and served the required exploit. Blackhole BEP exploit has been used to distribute exploits against vulnerable browsers and plugins. The iframe loads the webpage which contains plugin detection script. The page shows a redirection message as follows:
The HTML content of the phishing email is pasted here - http://pastebin.com/epGAx7fr
The malicious script (deobfuscated) can be found here : http://pastebin.com/Ne4j5zmd
This link - hxxp://voicecontroldevotes.info/main.php?page=6df8994172330e77 loads the plugin fingerprinting script and connects back with BlackHole BEP.
This host (IP) has been used to register different domain names that have been used for spreading malware using BlackHole. Query here - http://www.malwaredomainlist.com/mdl.php?search=18.104.22.168&colsearch=All&quantity=50
These emails are delivered as legitimate and spam detection engine fails to provide any protection. Try not to fall prey to these phishing attempts.