For ProtonMail users there is a simple way to avoid this. The service warns you in every e-mail, if the sender raises suspicion, because of using not properly set up domains:
Do your e-mail service providers have similar features?
If not, you should always be suspicious of anyone trying to let you download or click on anything, especially if such e-mail comes out of nothing, because you did not expect it.