New investigations find that Phishing schemes have gotten even more diabolical. The email scam campaigns use personal information to appear authentic, which leads victims to divulge information and open infected links. TLDR: If you didn't ask for it, don't click on it.
According to the Proofpoint Blog -
In one email targeting a retail company, the attacker attempted to infect a manager. In that particular message, the actor used the target's name, phone number, and the company they work for to “report” an incident at one of the retail locations using the actual address of that location. If the target were to open the attachment, it contained a malicious Word document that would infect the entire company's computer network.