Malicious DHL shipment email
/Malicious phishing emails referencing lost or missed shipments happen often. In this example, the phishing email is referencing an anticipated delivery. The attacker takes a chance/makes a guess that the email recipient has placed orders with Apple in the past or has made one recently.
Let's walk through the email and see what type of warning flags could have alerted the recipient to its malicious intentions.
Here is the email the recipient was sent:
If the recipient hasn't ordered anything from Apple or any company/website that sells Apple products recently, they should just delete the email.
If the recipient has ordered something from Apple or another company/website that sells Apple products, they should log in to the website they ordered the Apple product from and check the shipping details there. The recipient may also remember when they ordered the Apple product who the shipping company was. If nothing points to DHL, that would be the perfect warning sign. If it is being shipped via DHL, the tracking number should be listed on the website where the product was ordered from or some other type of order details such as shipment estimated arrival time. If anything doesn't match, that would be a clear indicator something isn't right.
The most obvious indicator is when hovering over the website link where it says "click here", without clicking the link, the recipient would see it is a random website with DHL-Express/US thrown on at the end to make it seem legitimate. Anything listed after .com, .net, .ca, .fr, etc. is irrelevant. the words listed just before .com, .net, etc. is what matters most. In this case, the words were totally unrelated to DHL.
One other warning sign is the unprofessional look to the email in general. With that aside, there are plenty of other warning signs to indicate this email is very suspicious and should probably be deleted.