Phishing Attack That’s New to Me

I got a legitimate email from my bank saying that there had been suspicious login attempts and that they’re sending a new card.

I also got a couple phishing emails from what appeared to be my bank saying that there had been suspicious login attempts, and that I should login and clear things up.

Theory: this is deliberate and not a coincidence. The attacker deliberately triggered the suspicion of my bank and then sent email hoping I’d assume the phishing emails are also legitimate, since, after all, I did get a legitimate email.