An EU delegation in a third country receives an urgent email that appears to come from the EU Headquarters (EEAS) requesting immediate confirmation of access credentials for an internal mission management system due to a 'supposed security vulnerability'. The sender uses an email address that slightly differs from the official EU one. As a cybersecurity expert, what is the most appropriate security measure that the staff member should take to protect EU data and digital infrastructure, based on EU cybersecurity and data protection principles?