I've said it before and I'll keep saying it until everybody gets with the program: Don't click links in email messages! Not the ones that seem to come from your bank, your credit card company, or PayPal, or any financial website. Not the ones apparently sent from Microsoft that offer a patch for a new threat ("just click here!"). Don't do it!
But wait, you say, what if my bank account really does need attention? Just go to the bank's website – only not by clicking. Or hey, you could call the bank on the phone – just be sure to use the number on your last bill, not the one supplied in the email.
Likewise, if one of your apps allegedly needs a security patch, go to the vendor's website directly and look for information. Don't click the supplied link!
Do not click the supplied link. Are we getting the message yet?
And if your good buddy emails you a link to the latest video of amusing cats and you're totally sure the message really comes from your buddy, well, it might be okay in this case. The risk is small, but there's still something of a risk – so why not just go directly to YouTube, copy and paste the title of the video clip, and search for it there. Again, go directly to the source. Yes, it's quicker and easier to just click the link – but of course, that's exactly what scammers rely on.
Once everybody takes the no-click pledge, scammers might just stop sending fake emails (and start doing something else sneaky – oh well).
For more on the topic of email security, see our article on why it's vitally important to ensure your email account is secure.