Phishing has gotten really good, lately. As he noted, they will often re-use legit templates from the actual corporation. The email will be 99.9% legit, with maybe only one link being dodgy.

I don’t think they can pass DMARC, though.

My wife was almost scammed, a few years ago. What tipped her off, was how extremely good the “tech support” was. Real tech support is generally someone on a scratchy line, with a heavy accent, following an inappropriate script.

Even after she backed away, they sent a few followup snail mails, looking somewhat legit (cheap printer).