An employee receives an email that appears to be from the company's official email address, but contains a urgent request to update their access credentials. The message includes a link directing to a webpage that requests personal information. What is the most secure and appropriate action the employee should take?