The majority of phishing emails aim to steal your email account password so that the bad guys can impersonate you and then steal money from you, your company, your customers, or your vendors. We regularly cover the ways to identify a phishing email (see the blog entry on identifying phishing attempts), but there is one sure-fire way to avoid having your account compromised.

If you are ever prompted to enter your email address and password after clicking on a link in an email request, err on the side of caution and don’t enter it. The chance that you will ever legitimately need to do so in response to an unsolicited email is minuscule.

If you have the slightest doubt about a request in an email, pick up the phone and call the sender to validate the request. When doing so, be sure to use a published or known phone number and not a number listed in the email itself.