An easy way to determine legitimacy of an unexpected email is to reply (without opening the inbound message) and ask the sender whether they intended to send you the message and/or attachment.
Hyperlinks : Risky Business
One of the easiest ways to get infected is through a little mouse-click. Be prudent as you consider clicking a link on a webpage or in an email. Does the link direct you off of the original domain you accessed or the one with which you are familiar? If the link is in an email, do you know the sender? Did you request this message and/or content? Anti-malware software can help protect us, but we are still driving and we are in control of our destiny. Ask yourself: "Do I need to follow this link? Is there any risk? Is this PC mission-critical?"