We received quite a few requests from our customers outlining that they thought this email was a scam, which it was. My colleagues and I went digging through this out of curiosity and we followed all the links in a sandbox environment. We got to the point where it said you failed and it took us through the training section of this test.
Within this training section it outlined all of the red flags, some of which were contained in the attachment and would require the user to open the attachment. If the user opened the attachment, they failed. I personally don't think this is very fair given the overall test scope being not to provide your personal information. My feedback is to remediate these in the future.