In the last couple of days, I’ve received email from my ISP telling me that my credit card has been declined and I need to click the handy link and enter a new number, and email from Paypal telling me that my account has been hacked and I need to click the handy link and change my password.
They were both scams, of course — but convincingly executed. So watch yourselves. If you get this sort of email, never click the hotlink — enter the URL of the site in question manually, and see if there’s actually a problem or not. (If your mail program allows it, you can also just take a look at the message source code and see where the hotlink is actually set up to take you.)
But you knew that.