
Summary
This detection rule identifies phishing attempts that use Google Drive branding to trick users into downloading harmful files. Specifically, the rule targets emails containing links whose domain does not belong to Google but that carry Google's branding, a pattern associated with threat actors such as the operators of Qakbot. The rule inspects the links in the email body, checking whether they lead to downloadable files and verifying the branding and the confidence level of the link analysis. The detection combines several analyses: content analysis, file analysis, and optical character recognition (OCR) of page screenshots. It also consults sender profiles to determine whether the email exchange was solicited, and it matches malicious content patterns associated with known attacks, giving a layered detection mechanism against this kind of socially engineered phishing.
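The core check described above (a Google-branded link whose host is not a Google domain and whose target looks like a downloadable file) can be sketched in plain Python. This is an added illustration, not the rule's own logic or Sublime's implementation; the Google domain list, brand regex, file extensions and sample email HTML are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of Google-owned domains (not taken from the rule itself).
GOOGLE_DOMAINS = ("google.com", "googleusercontent.com", "googleapis.com")
# Branding either in the visible link text or baked into a lookalike host.
BRAND_TERMS = re.compile(r"google\s*drive|drive[.\-]?google", re.I)
# Extensions commonly delivered as "shared files" in such lures (assumption).
FILE_EXTS = (".zip", ".iso", ".img", ".exe", ".js", ".lnk", ".html", ".pdf", ".docx", ".xlsm")

# Constructed sample body: one legitimate Drive link and two spoofed ones.
SAMPLE_HTML = """
<p>A file was shared with you.</p>
<a href="https://drive.google.com/file/d/abc123/view">Open in Google Drive</a>
<a href="https://files.example-share.net/invoice_1203.zip">Google Drive - Download invoice</a>
<a href="https://drive-google.example.net/download/report.iso">Download</a>
"""

class LinkParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_google_domain(host):
    # Exact match or subdomain only; "google.com.evil.test" must not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)

def looks_like_download(url):
    path = urlparse(url).path.lower()
    return path.endswith(FILE_EXTS) or "/download" in path

def find_spoofed_drive_links(html):
    """Return hrefs that are Google-branded, non-Google, and file-like."""
    parser = LinkParser()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        branded = BRAND_TERMS.search(text) or BRAND_TERMS.search(host)
        if branded and not is_google_domain(host) and looks_like_download(href):
            hits.append(href)
    return hits

if __name__ == "__main__":
    print(find_spoofed_drive_links(SAMPLE_HTML))
```

A production rule would add the sender-profile and confidence checks the summary mentions; this block only shows the link-level branding test.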
Categories
- Endpoint
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
- Process
- File
Created: 2022-12-12