I recently received an email from a financial institution I do business with. This email looked strange. It came from a odd looking email address (not the usual one this institution uses), contained a phone number that when researched, did not appear to be from the company, contained some grammatical mistakes and had a PDF attached that was labeled with a strange name.
It was however in relation to a transaction I had recently completed.
Seeing all these oddities made me think that this was a phishing attack, and I was concerned to open the attachment. I instead decided to call them (using a known number) to confirm they had sent it. And yes...they had.
Just because an email says that you need to “verify” something, doesn’t mean that you must click on the link to follow the instructions. Take your own path and go to the source directly. Go to the website yourself and login, or better yet, call them to confirm.
Trust your instincts, as it's better be safe than sorry.