...
First, apply your own common sense, intuition, and previously received IT security training in evaluating the trustworthiness of the received email. If, after doing so, you still feel there's a strong chance the email is legitimate, there is one additional technique that can be used to analyze and verify the link you're being asked to click before actually doing so. . .
Only After Careful Examination - For Emails You Think Are Likely Legitimate
As an example, we'll be using an actual, legitimate email sent to me asking me to take part in the "UC Cyber Security Awareness Fundamentals" training (screenshot follows further below). Training emails such as these often illicit worry and concern because the return address on them (noreply@sumtotalsystems.com) is not from a UCSB organization or contractor that is readily recognized. So, the first impression given by this email may be that it is not legitimate. And, it should be pointed out that even emails with valid/legitimate return addresses can be malicious (the return address can be spoofed/faked and even non-functional. . .the malicious intent is not that you reply, but that you click a malicious link or open a malicious attachment).
...