Fresh phish

Wow, this is a really well done phishing attack.  Someone is sending emails to all the addresses that were on 2012 Forms 470, saying:

AT&T payment confirmation

Dear Valued Customer, Thank you for using AT&T online payments. You submitted the following payment(s) for your account. Payment Method Confirmation Payment Date Amount BankDraft 5LC3HY8ZEPHHU36 03/18/2013 $1899.34 For more information about payment please see the attachment. Thank you, AT&T Online Services www.att.com/smallbusiness

This email looks completely legit to me, and all the links in the email seem to point to AT&T URLs.  And I've tried a number of virus scanners on the attachment, and none of them caught a virus, so either there isn't one, or it's a new one.  I won't be opening the attachment to find out.

The Confirmation number and Amount are the same on all the emails, though, so they're definitely fake.