If I were an unscrupulous phishing scammer, I would replicate this email, replacing it with my own phishing email address and proceed with my phishing scams.
I’m no expert or anything but I don’t think this is the proper way to roll out an email address change to your database. Cebu pacific is basically setting precedent that this is something that they would normally do: send you information that they’ve changed domains, and that you should go ahead and add this to your safe senders list so you can trust what ever content comes from this new mail.
You can see how unscrupulous people can take advantage of this by sending the same email from a different but maybe similar email address and it’ll be deemed authentic because they have done it before.
But then again, maybe this is a phishing email since I don’t see any mention of this said change of email address on their official website.