"That's a technique commonly used in a normal marketing email communications, but looks very out of place in an email about a security breach which tries to hammer home the point to 'Never click on reset-password requests in emails, " he said.

CNN: 50 million compromised in Evernote hack