As a rule, whenever I receive any such messages from known vendors, if I think there is any chance that the message is legitimate, I separately log in to the site, ignoring the provided link. If I truly need to perform the requested action, I should be prompted to do so.
The same rule applies to e-mail attachments. Be especially suspicious of unsolicited attachments from unknown senders. In this regard, Microsoft recently posted Security Bulletin MS11-036, describing a vulnerability in Microsoft PowerPoint that could “could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker… could gain the same user rights as the logged-on user.” You could be at risk by opening a suspect PowerPoint file that you received in an e-mail. On a Mac, the danger is limited to Microsoft Office 2004 and 2008 (not the latest 2011 version). An update to patch the security hole is in the works, and should be available soon.
This is the world we live in—where being skeptical typically pays off and being trusting too often leads to disaster. Still, I suppose it’s always been that way, at least as far back as when P.T. Barnum is purported to have said “There’s a sucker born every minute.” The technology keeps getting updated; the dangers stay the same.
Sign up for CIO Asia eNewsletters.