Attackers send a legitimate-looking e-mail asking users to update their information on the company’s Web site, but the URLs in the e-mail actually point to a false Web site.