>... they had to send out follow up emails saying the original emails are legit and it's ok to click the links in them.

Sounds like something a phisher would do. Better not click.

I worked somewhere that would send the notice to do mandatory security training from a suspicious email and the message was very short (something like you have been enrolled in training at https://phishing.site.example.com/abdlejrj). In always just reported them as phishing and no one ever followed up.

	▲	mcny 6 days ago \| parent [-]
		Every time I reported an email as a suspected phishing attempt at an ISP I worked for, I got an automated reply congratulating me for recognizing the test email. I don't think I ever got a real phishing email at that company. But then I never had to email anyone outside the company.