John makes some valid points below, you have to admit that.
“As a general advice. Be cautious, even when the person communicating with you appears to be someone you know. Consider everything to be hacked and your data to be leaked. With this approach you will notice that you’ll take thoughtful decisions and improve your security.”
In the link below he gets into more details, and you may not agree with all of them, but I do think we’d all do better to consider every link or attachment to be dangerous. Because so many of them are, and obviously not enough people are taking that fact seriously enough. If they were taking that approach, maybe we would see ransomware and phishing be a little less successful than it is, and we know it is successful enough for the bad guys to keep trying it.