Broadcom just did the same thing: e-mail from the CEO inviting people to sign up for a holiday party. Headers were legit with DMARC pass, SPF pass. You were asked to click a URL that showed a Google Drive document but actually led to another site. That and some typos were the only clues that it wasn't legit.
Ah, that would explain why I didn't see you at the party last night. Too bad, we had a blast. /s
In all seriousness how is a laymen supposed to know it's phishing? I assume Broadcom has specific places/processes to organize parties that people should know about?
This kind of email is especially clever as it plays on FOMO which so many people seem to have.
