this kind of emails could be hugely productive at mimicking an established organisation, and in some cases very competent cyber industry experts could be fooled into clicking a website link.
The NCSC gave suggestions https://susanljfu453458.activoblog.com/31396183/a-review-of-national-cybersecurity-centre