Don't click links in emails unless you're really confident that they're genuine. And when in doubt, don't click: copy the link and examine it in a text editor.
For example, today I received an email that looked genuine and kind of inviting. It seems to come from a real person; at least the sender field displays a real-sounding name. And the content of the email makes it sound like something is being offered that I'm supposed to be interested in. Here's a screen capture of the email.
I don't know who this sender is. In itself, that doesn't of course mean that this message is spam or worse, a phishing expedition. After all, I get email from strangers all the time. But it puts me on my guard, just as I'm on my guard when I answer a knock at the door and see someone outside that I don't recognize. What really made me nervous about this message, though, was its content. It doesn't say anything I expect to hear in an email from a stranger.
And what about that link? It must be secure, right? It starts with "https", meaning it's a secure layer. Well, no. It's important to understand that every link has two parts: the wrapper, and the actual link content. The outside or packaging of this link looks good. But that's just packaging. It can lie. What matters is the link that's embedded inside the wrapper. That's invisible. For example, consider this:
It looks like it's going to take you to a page on Apple's website where you can get a free iPhone. But instead it takes you back to this page of the Rucksack blog. Sorry to disappoint you, but at least my example link doesn't download malware to your computer.
What can you do about this? Right-click the suspicious link and select "Copy Link" or "Copy URL". Then paste the clipboard into a text editor and look at it.
When I copied the suspicious link from "Ms Rice" into my text editor, it turned out not to be a Dropbox link at all, but something else. I don't know what: It might be a page that tries to download malware to my computer. It might be a page that tries to steal info from my computer. Or it might simply be a page used to verify my email address: verified email addresses are more valuable to spammers. All I need to know is that I was lied to.
I marked the message as spam in Gmail and moved on.