Thanks for answering, DL.
I did click on the links (with all my antivirus stuff running).
The links belong to Auctiva. This is a shame. Someone in Auctiva is sending them and even worse, I checked in Auctiva and token is valid. Not sure what this means or if one of the outsourced employees is hacking into accounts.