Ted Landau from PCWorld wrote an article about a recent scam where a trojan was passed off as a security fix:
The most recent example supporting this advice is the MAC Defender Trojan horse. As previously covered here at Macworld, after clicking a link to a site that comes up in a Google search, a message may pop up claiming that your computer is “infected.” At the same time, a ZIP file is downloaded to your Mac… The downloaded file turns out to be an installer for a supposed piece of software named MAC Defender. You are asked to purchase this software so as to fix the “infection.”
It’s all a scam. There is no actual program to install. The goal of the creators of this con is simply to get your money and credit card number.
I know what you guys are thinking: this is old news and I’m not that stupid, right? Well, some scams are pretty obvious but how do we know of it’s indeed a legit call to upgrade something in our computer? Do what is proposed by Landau (which is something I do myself too):
As a rule, whenever I receive any such messages from known vendors, if I think there is any chance that the message is legitimate, I separately log in to the site, ignoring the provided link. If I truly need to perform the requested action, I should be prompted to do so.
There. The point is don’t use the link given to you. Use the link you know to be safe.
I recommend you to read the article in it’s entirety since its not too long but contains some pertinent points.