Phishing attempts are getting better and better. The bad guys are now sending messages from hacked accounts which can lend credibility to the authenticity of the email.  If you are not expecting an email from sender, disregard the request or validate the request by reaching out to the sender via published contact information.  

Remember: When in doubt, don’t act on it. It’s simply not worth it.

With that said, let’s take a look at an actual phishing email to uncover clues as to its legitimacy:

In reviewing the email, you will notice that:

• the sending address states that it is from DHL, yet theactual reply-to address goes to an account on a Russian domain (.ru).

• there are capitalization, punctuation, and grammarissues (“Attempted”, no comma after the salutation orgreeting, “Goodday”).

• the dialect used is obviously not North American. Termssuch as “good day”, “dispatch rider”, and the biggest indicator of themall in “kindly”, are rarely used in North America.

• the link goes to an unknown, suspicious domain(mminagebonwe.com). Even though the link says that it is going to dhl.com,you can see the true destination by hovering over it.

• even without these indicators, it is rare to receive anunsolicited email about a package delivery from any of the major deliverycompanies. Thus, the content should automatically be suspect.

Always remember to think before you click.