I get phishing attempts directly after receiving legitimate email about something. For instance, directly after getting email about a package I get phishing attempts regarding delivery. Just now, I got the same thing for crypto currency. The subject may vary but the direct connection in time between legitimate email and spam/phishing is the same.

I read my email in the browser. I get the same behavior on different computers and networks.

I was wondering if someone else experienced the same and if someone has an explanation. (I work in IT since some decades and I like to think I have a fairly good understanding of the Internet infrastructure.)