I don’t know how many times I have said this, but NEVER EVER click on a link in an email you receive even if you know who the person or company is.
If it’s a company, go to your web browser and open up the company website and sign in from there – never sign in from a link inside an email. If you are 200 percent sure it’s safe then you can 1st sign on to the website from your browser and then click on the link inside the email. If it opens up another window (and doesn’t use the window you opened from the browser), close it immediately. And never reenter your login credentials.
If it’s from a person who you trust AND you are expecting the email and the file, you may be okay. If you have any doubt whatsoever created new email, put the person’s address in from your address book (don’t hit reply) and ask them if they sent the file.
And don’t be scared by what’s in the emails. I got to phony emails this week from a legitimate law firm telling me there was an SEC subpoena waiting for me. I went to my browser, opened their website and the 1st thing at the top of the website was a notice that there were phony emails going around allegedly from their company.
It’s a jungle out there. Don’t get caught in the quicksand.