Even Troy Hunt (a well-known security researcher and creator of Have I Been Pwned) fell for a phishing email.
He wrote all about it on his blog: A Sneaky Phish Just Grabbed my Mailchimp Mailing List

I found it a valuable read, not only for the lessons learned, but also because it’s a reminder that it could have happened to any of us. The email looks fairly well crafted, and I appreciated his analysis of the factors that led to him falling victim. It’s important to remember that even the most security-minded people can make mistakes and that security is hard.

Honestly, the most frustrating part of the story is the fact that Mailchimp doesn’t delete unsubscribed emails, and even worse, they give you no way to opt out of that; a list owner would have to regularly go in and delete them manually… and why do they store your IP address?? 😡

I also thought it was sneaky that they generated an API key on his account. So, in addition to updating login credentials, remember to check for any recently added API keys.

I hadn’t thought of this attack vector before, but it’s now one more reason why I prefer subscribing via RSS.