This is why I never use webmail
Webmail is so rife with dangers for the uninitiated it should be banned from use until the user has passed some sort of exam.
Webmail makes users choose easy passwords so they can remember it when using a 3rd party PC, and because they CAN, they WILL use any PC that comes to hand, which risks (a) disclosure of logon details (not just keyloggers - one ill-advised click can get the logon details stored in the browser and cache) and (b) leaving behind attachments on that PC, typically in the %TEMP% area of the machine, something you don't fix with 2FA. It's a left over from the days of low bandwidth: documents would be downloaded in full first before you could open them, and the practice persists.
Good webmail front ends make it possible to prevent access to attachments (leaving them only available for IMAP access), but in experience they're rare.
This specific attack is enabled by hiding extensions and actual link targets, unfortunately something that Apple now defaults to in OSX, sorry, macOS as much as Microsoft does.