A European Union delegation agent in a third country receives an urgent email that appears to come from the European Commission's headquarters requesting access credentials to a sensitive data management system. The sender uses a generic email address (@gmail.com) instead of an official EU domain (.europa.eu) and the message contains a link leading to a website that visually imitates the official intranet. According to the fundamental principles of digital security and cybersecurity applicable to the EU environment, what is the most appropriate action for this agent?