I looked at the file ... it is an encrypted .doc

I have not tried opening it, but this approach is not typical for phishing, but for malware infections.

Some macro in the .doc would run (sometimes user is tricked to enable macros, sometimes an exploit is used to run macros without further user's intervention) and then the computer would get infected by some malware. Could be some ransomware, botnet, scareware, password stealer, banker, adware, but surely it will be something evil.

I am not going to examine it further to find which one it is.