The phishing message was delivered to the inbox of My Online Security and came with a spoofed sender address. The phisher may have wanted to use an LNK shortcut file for the attack, a method that has regularly been used of late to deliver malicious payloads. The method has grown in popularity since an IT engineer named Felix revealed in a blog post how to weaponize a shortcut file to drop an arbitrary payload. It was first observed in spear phishing campaigns from CozyCar, OfficeMonkeys, The Dukes, CozyDuke, and Grizzly Steppe.
Source: https://www.bleepingcomputer.com/news/security/opfail-phisher-attaches-powershell-exec-instead-of-malware/