Well, it sounds like the consensus is that it fishy, which I agree with. So I won't do anything more. And I'll change my password and keep an eye on my account. Thanks for the response.

Still, call me naive, but I suspect it is legit. Someone mentioned email spoofing. Spoofing typically involves concealing where the message actually originated from, right? I'm no security expert, but I can pretty confidently assert that it is a LOT harder for someone to be able to receive emails at a united.com email address and not be associated with United. Which makes me suspect it's on the up-and-up. Plus, this is a lot of work to go through to get a credit card number. STILL, not worth it to expose myself to the risk, just to save $150.