An employee receives an urgent email from what appears to be the IT department requesting immediate access to their cloud storage service to resolve a security issue. The email contains a link to a login page and asks for their username and password. What is the most appropriate action according to GDPR data protection principles?