An EU official, who works closely with the EEAS and diplomatic delegations, receives an urgent email claiming to be from the 'European Commission'. The sender uses a public email address (@gmail.com) and requests confidential access credentials to 'verify an identity' through an unofficial link. Considering the principles of digital security and cybersecurity risks in the EU environment, what is the most appropriate action to protect the security of information and personal data?