Generally no-- the payload typically comes from some sort of interaction (click a link, open an attachment, reply to the message). There have been some zero interaction attacks with emails before. Like for example, when the email is previewed in the reading pane in Outlook. These are exceptionally rare and not what we're training against when we do phishing training.
That said, if you know an email is phishing it's always best to not interact with it at all, but you really can't always tell by the sender and subject line alone.
I have used Excel to make tags from a table before. Usually just for one off stuff and before I was very familiar with JavaScript.
E.g. if you have a table of 100 urls you could use excel to easily turn them into
a
tags using the various text formulas like concat.It's probably never the best tool for the job but sometimes I'll do stuff in Excel just because I'm very familiar with it.
To clarify I am not a programmer by trade lol