An employee of a local vendor had their email address compromised and used to send phishing emails. Notice the part that looks like a file attachment–it actually is a link to a malicious file on OneDrive.
If you receive emails that appear to come from someone you know but don’t quite look right, don’t reply and don’t click on the links. Instead, contact them via a phone number that you already have and know is safe. Also inform your department’s IT support staff and report the phish to the Information Security Office so that we can follow up as necessary.