Thanks for passing the warning along. One habit I've cultivated: whenever I see a link in an Email, I hover my mouse arrow over it and look carefully at the little bar which shows the URL. If it's not exactly the same as the raw link, that's a danger sign. I immediately delete any Emails like that, and so should everyone.

Also: read the domain and subdomain very carefully if you get an official-looking Email with text instead of a raw URL. A favorite phishing trick is to replicate the apparent sender's domain with a subdomain of a different domain that they control. Read right to the first "/"; if you see a different top-level domain, delete the Email.

I don't open attachments at all. If you have to, it would be wise to place a confirmatory phone call to your sender before opening any. Emails can be spoofed or hacked fairly easily; that's not the case for a phone.