[samrus]

The harder it is to do, the more the targets guard will be down

In this case, sending your malicious image through a fake email might get flagged, or even not opened by someone whos been trained in infosec enough to be suspicious of these things. But a tracking pixel in an email that is verifiably from a trusted entity will be opened no problem. Type of thing that will look pretty slick if you read about it being used

[crazygringo]

It's incredibly easy to get people to open emails. This isn't asking them to download an attached .zip or .exe file or follow a suspicious link, which is what people are trained against. This is just an embedded image.