Broadcom just did the same thing: e-mail from the CEO inviting people to sign up for a holiday party. Headers were legit with DMARC pass, SPF pass. You were asked to click a URL that showed a Google Drive document but actually led to another site. That and some typos were the only clues that it wasn't legit.