Gloria asked me to have a look at an email message "from" our bank.
Other than addressing her as an "esteemed" customer, it looked pretty good. No problems with spelling or grammar. A security warning at the bottom. The head office address for the bank.
When I looked at the headers, there were only a few, very small, indications of possible problems. It was sent from a domain that was not owned by the bank, but a lot of companies are outsourcing a lot of IT functions, so that wasn't exactly definitive. It had a couple of headers indicative of spam filtering.
About the only thing that solidly demonstrated a problem was that the link to "verify" your account was addressed to a domain that was not owned by the bank. (Now if banks start outsourcing account verification ...)
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468