How do you handle suspicious emails or messages in your inbox?
If it involves something with money (eg. bank, investing portal) I call them and asks if they wrote to me. If not I delete the email. For other types of email I usually read it, never click anything and delete it after that. Also I check header who sent it.
How often do you update your passwords for online accounts?
I use pretty strong passwords I would say so I change it not very often, like once a year, sometimes two years. However I can break this rule If there is a compromise. I also check haveibeenpwned (dot) com regularly.