In 2019, fake invoices & fake payment activities remain key email attack approaches in SPAM email as documented below. 

https://www.pcmag.com/news/366837/invoice-in-your-email-office-file-attached-beware

https://www.symantec.com/security-center/threat-report

When you get an email with a subject that says “bill” or “email delivery failure,” is peppered with keywords such as “invoice” and “payment,” or has unsolicited Microsoft Office files (or worse, an unsolicited .EXE file) attached: You’ve gone from being spammed or phished to being full-on attacked.

The latest findings from the always-updating Symantec Internet Security Threat Report are summarized above by our partners at Statista to show you exactly what to look for in a malicious mailing that could cause you (or your company) some harm.  Don’t hesitate to look this over: I work at a major tech publication, and our HR department required all our staff to do mandatory training on ferreting out evil email messages, among other things. It’s important to know this stuff, especially because while 55 percent of mail sent in 2018 was ignorable spam, 1 in 412 messages was a direct, malicious threat