An employee receives an email that appears to be from the company's official email address, but it contains an urgent request to update their access credentials. The message includes a link that redirects to a webpage requesting personal information. What is the most secure and appropriate action for the employee to take?