
Summary
This rule detects potential phishing and spam attempts that pose as shipping notifications. It looks for shipping-related keywords in the message body, such as 'waiting for delivery', 'delivery missed', and 'tracking number'. The body must also contain at least one link, which is intended to deceive users into clicking it. The language of the email should also convey urgency, a common tactic attackers use to push recipients into hasty decisions. Finally, the email must address the recipient by their email address rather than their actual name, which increases the likelihood that it is a mass-mailed phishing attempt rather than personalized correspondence. Detection relies on content analysis and natural language understanding to identify these characteristics and classify the email as potential spam or phishing. The rule is rated medium severity, reflecting the need for vigilance because such messages can trick users into divulging sensitive information or engaging in malicious activities.
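The four conditions above combined into one check, as an added example that is not the rule's own source. Assumptions: a short phrase list stands in for the rule's natural language understanding of urgency, and the function name `evaluate`, the phrase list, the salutation words and both sample messages are constructed for illustration.

```python
import re

# Phrases quoted in the rule summary; the rule's full keyword list is not on the page.
SHIPPING_KEYWORDS = ("waiting for delivery", "delivery missed", "tracking number")
# Assumption: a phrase list stands in for the rule's natural language understanding.
URGENCY_PHRASES = ("immediately", "within 24 hours", "final notice", "last attempt", "urgent")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def evaluate(body: str, recipient_email: str) -> dict:
    """Return each signal from the summary plus the combined verdict."""
    # Collapse whitespace so a keyword split across lines still matches.
    text = re.sub(r"\s+", " ", body).lower()
    # Salutation that uses the address itself, e.g. "Dear alice@example.com".
    # A footer such as "sent to alice@example.com" must not count.
    greeting = re.compile(
        r"\b(?:dear|hello|hi|attention)\b[\s,:]*" + re.escape(recipient_email.lower())
    )
    signals = {
        "shipping_keyword": any(k in text for k in SHIPPING_KEYWORDS),
        "has_link": bool(URL_RE.search(body)),
        "urgency": any(p in text for p in URGENCY_PHRASES),
        "addressed_by_email": bool(greeting.search(text)),
    }
    # All four conditions must hold, as the summary requires.
    signals["match"] = all(signals.values())
    return signals


# Constructed sample messages (not real mail).
PHISH = """Dear alice@example.com,
Your parcel is waiting for delivery. Confirm your address immediately
or it will be returned: http://parcel-update.example/track?id=0000"""

LEGIT = """Hi Alice,
Your order has shipped. Tracking number: 0000.
Details: https://shop.example/orders/0000
This message was sent to alice@example.com."""

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("legit", LEGIT)):
        print(name, evaluate(body, "alice@example.com"))
```

The legitimate sample shares the keyword and link signals with the phishing sample, so it is the urgency and salutation conditions that keep it from matching.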
Categories
- Web
- Identity Management
Data Sources
- User Account
- Application Log
Created: 2023-06-26