I'm not the person you replied to. Anyway, I'd expect of a company like Google to not word their e-mails in the same way cyber-criminals do - and for what it's worth, many cyber-security training programs actually teach that vaguely worded but "important sounding" subjects are a key indicator of something being fishy.

While the subject line could be better, the subject is not the only indicator of the importance of the email. It is coming from "Google Payments" and as a customer of GCP, why wouldn't you treat every email that comes from Google with an equal amount of importance even if there are false positives? As I said, having a filter of email addresses routed to a specific tag, all marked important and notifications for every email that lands there is one of the most basic things you can do to not avoid important notices

I don't see the issue with the subject line. I get the general rule to not mark everything important but in this case the mail IS important

In a world where people get sometimes hundreds of emails a day, on top of a constant onslaught of spam, scam, phishing and otherwise malicious email, it is basic netiquette of summarizing what exactly you want from the receiver.

Additionally, a lot of people seem to have taken buzzfeed-style clickbait headlines as the role model for communication and that may be a factor here as well.

How do you know? Sender lines are faked all the time. If the subject line reads like spam, I'm not looking at who sent it. I just delete it out of pure muscle memory.

Again, not saying this is a good habit, but it is an understandable habit.

by that logic, you shouldn't trust any email unless it's signed and you've verified the sender. If the sender is your cloud provider, you read the email and decide from there whether or not it's worthwhile.