From techrepublic.com

Phishing attacks work by impersonating a familiar or trusted brand, product or company, often with the goal of tricking recipients into divulging sensitive account credentials. That’s exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.
How the attack worked
Aimed at more than 21,000 users at a national healthcare company, the phishing email included a subject line of “For [name of recipient] on Today, 2022” with each user’s actual name listed as the recipient. Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response. To read the alleged messages, the recipient had to click on a main button in the body of the message.