My experience has been, based in part on information I have read about on websites dedicated to fighting malware, phishing, scams, etc, that contacts from legitimate sources -- like the real Oath (or Verizon, etc) -- usually frame outreach in terms of giving you an opportunity to enhance your on line experience, that if you upgrade or whatever, something good will happen. Non-legitimate sources usually do the reverse, try and intimidate people by implying that if you don't act now something bad will happen. (Have your account disabled or deleted). The legitimate sources are usually aware that people may be suspicious and don't like to 'click on the link,' and, if they include one (because they sometimes do), often offer you the alternative of visiting their website with a keyword you can enter in their site's search box to pull up the relevant information.
The emails I got from Oath that seemed malicious contained the warning and 30 day deadline in the subject line, I deleted them without opening them. A few times when I've been really uncertain about an email -- might be legit, might not be -- rather than open it on my own personal computer I went to a FedEx Office location and opened it on their computer. Or tried to. Those kinds of computers usually have extremely sophisticated security programs. I recall an email I got unexpectedly from Dropbox, with a file attached, sent by someone who had sent me legitimate files from Dropbox in the past. But this one was to a different email address. Why would he have done that? (Yes it was an AOL account.) I emailed him but when he didn't answer I went to FedEx. The computer at FedEx wouldn't let me open the file. It said the file contained suspicious code and appeared to contain a virus. The security program suggested I delete it and I did.
tommy0421
Tommy Meehan