Standard phishing defense tactics apply in this situation. Users should always take a close look at the sender’s display name when checking the legitimacy of an email. Most companies use a single domain for their URLs and emails, so a message that originates from a different domain is a red flag. It is also important to check for mismatched URLs. While an embedded URL might seem perfectly valid, hovering over it might show a different web address. In fact, users should avoid clicking links in emails unless they are certain that the links are legitimate.
https://www.bleepingcomputer.com/news/security/as-twitter-brings-on-8-fee-phishing-emails-target-verified-accounts/
https://www.trendmicro.com/vinfo/it/security/news/cybercrime-and-digital-threats/best-practices-identifying-and-mitigating-phishing-attacks

