Yes, you're absolutely correct! Many financial and fiat phishing attemps can be deciphered from legitimate emails from how they address the user. There is also a reason why spear phishing (targeting something or someone) is as effective as it is. By addressing the user by their name from other compromised sources, the attacker can gain a solid success rate. Always go right to the source! If for instance, paypal emails you, theres a good chance you can avoid the email all together and login directly and securely to their website.