Never, ever click on links in an email.
One of the most common attacks you'll see as an average user is a Phishing Attack. It never actually feels like an attack in the way you might think. No bullets are flying and no real active probing into your stuff. It's more subtle and can be challenging to spot.
Phishing attacks are always* an attempt to trick you into doing something. They differ from Spam in that instead of just being annoying or unwanted, they try to get you to DO something.
"Login to verify xx now!" or, "We noticed xx, please confirm the following details."
A couple of things that Phishing emails usually have that should set off your "Spider-Sense":
- A sense of urgency
- An email address that doesn't make sense
- Links that you should click on
Crafting a phishing email that doesn't immediately raise suspicion requires some skill. The scammer has to be mindful of branding and tone and make sure the email is error-free. He also has to hope a spam filter misses the email.
View everything you see in email with suspicion, and you can have a fighting chance of preventing being Phished.
*of course, there are few exceptions