|An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Also note that although the URL of the bank's webpage appears to be legitimate, the hyperlink would actually be pointed at the phisher's webpage. (Photo credit: Wikipedia)|
A: It is good to be skeptical, as there are a lot of Phishing scams out there, hoping that you're gullible enough to randomly click on bogus e-mails, which takes you to a fake website that copies a real website, hoping that you'll enter your real login into this fake site, thus giving them access to your account.
In general, if you get an e-mail that says they need you to click a link to process a return, verify some info, claimed that your account was accessed fraudulently... ANYTHING regarding your account ANYWHERE, you should NOT click on the link, but instead, open a new browser window and go to that website directly, then login and see if there is a way to perform the action.
Most people would suggest you simply DELETE the suspect e-mail. However, I'd ask you to do two things:
1) Go to PhishTank.com, which is a crowd-sourced Phish-trap. Enter that web link you got from the Phish e-mail, (right-click, then copy Link URL) into the website, and see if it's an known Phish.
2) If this involves a bank, go to that bank's website and see if they have a place that involves reporting Phishing email.