If you receive a message from someone you don't recognize, you should be very hesitant to click any links or open any attachments. And ultimately, you should log into Outlook on the web and right-click on the message and mark it as Junk. (Doing this same step in regular Outlook does not train the spam filter. It just moves the message to your Junk E-mail folder.)
Just because your PC has antivirus, doesn't mean you are protected from all harm. AV will only stop infections that it knows about already, not new viruses that it hasn't seen before.
Also, at the very bottom of this post, I have included a training document. Please feel free to print this out.
Social engineered attacks
Today a lot of hackers will gather info from the web, or other infected PCs, and use the info to attempt to trick us. In the example below, the sender knows my name, email address, and job title. They often use well formatted emails in attempt to gain our trust into opening links and attachments, but looking like a legit source.
Here is an example of a fake invoice sent to me, where the sender was hoping I would open the attachment:
Red flags training document