Got an email entitled: “Action Required on your Coinbase account” looking for further KYC details

This email looked dodgy from the start as it was addressed to "Alex" and had uncompleted links in it.

It seems to be from them based on the email headers (SPF/DKIM, etc.) but it's asking me to send personal information by email and upload sensitive documents to a 3rd party portal instead of via the Coinbase site. As someone who works in IT Security I think this is insecure unacceptable.

Are they likely to disable my account when I refuse to compromise my personal security for their half-assed KYC process?

Edit: I originally posted this in r/Coinbase not realising that it's controlled by them. The post wasn't approved and so I'm posting here for some independent advice.