Better not to click any email links. Excerpt maybe when you initiated the email like verification of some sort:
Discussion
ooof, that seems like a pretty big problem
"the email domain for the Department of State, allows Outlook to send emails on their behalf... an attacker can create a spoofed email... and then forward it through their personal Outlook account. Once they do this, the spoofed email will now be treated as legitimate by the recipient"
Great advice