In this case, the attack is structured as follows:
A potential victim will get an email informing them that they've been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.
If the recipient calls, the agent, who of course, is part of the hacker's organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing, and is instead, a piece of malware of the attacker's choosing.
The payload can vary and be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device which they can exploit in a variety of ways later on.
While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers' point of view, of being extremely difficult to detect and prevent. Most detection routines are file based, and since this type of email doesn't contain an attachment of any kind, it poses tremendous challenges for IT security professionals.
As ever, the best defense is education and mindfulness, so be sure your staff is aware.