An EU official working at the European Union Delegation to a third country receives an urgent email that appears to be from the European External Action Service (EEAS). The sender claims to be the High Representative of the Union for Foreign Affairs and Security Policy and requests the immediate transfer of funds for an 'emergency crisis operation' via an unverified payment link. Upon analyzing the email, the official notes that the sender's name is correct, but the email address comes from a generic free domain instead of an official EU domain. What is the safest and most appropriate action the official should take in accordance with EU digital security and cybersecurity principles?