Always ask who is it, and do you trust them.
Phishing is still the number one method used by malicious actors to gain access to your systems and data, and you are the only one that can stop them.
The Federal Trade Commission has a nice short and easy to read article How to Recognize and Avoid Phishing Scams that covers the basics on how to recognize and help protect yourself from these attacks.
Remember when in doubt reach out, to your IT Staff or Managed Service provider. If you don't have either contact us and we will see what we can do to help.