
Summary
This detection rule flags unsolicited emails whose subject line or sender display name mixes Cyrillic and Latin characters. The email must contain between 1 and 9 links, or no links at all when the body carries attachments and the current thread text is empty. The rule looks for the Cyrillic vowels (а, е, и, о, у) in the subject or display name alongside Latin characters. To reduce false positives, senders from Russian domains (TLD '.ru'), specific Google Calendar bounce emails and several other designated domains are excluded. The email must also be marked as unsolicited, meaning it was not initiated or expected by the recipient, which rules out the false positives seen previously. The rule targets credential phishing attempts that rely on this homoglyph-style social engineering tactic.
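The following Python is an added illustration of the rule logic described above, not the detection platform's own rule code. The message fields, the sample emails and the allowlisted domain are constructed placeholders (the page does not list the real excluded domains); the Cyrillic vowels are written as code points so they cannot be mistaken for their Latin look-alikes. The check lowercases text before looking for the vowels, which is this example's choice rather than something the description states.

```python
import re
from dataclasses import dataclass

# Cyrillic vowels named in the rule description: а е и о у
CYRILLIC_VOWELS = frozenset("\u0430\u0435\u0438\u043e\u0443")
LATIN_LETTER = re.compile(r"[A-Za-z]")

# Placeholder allowlist. The rule excludes certain Google Calendar bounce
# senders and other designated domains; the real list is not on the page.
ALLOWLISTED_DOMAINS = frozenset({"bounces.example-calendar.invalid"})


@dataclass
class Email:
    """Constructed message attributes (not a real mail parser)."""
    sender_domain: str
    display_name: str
    subject: str
    link_count: int
    has_attachments: bool
    thread_text: str   # current thread text; "" when the message starts a thread
    unsolicited: bool  # True when the recipient did not initiate or expect the mail


def mixes_cyrillic_and_latin(text: str) -> bool:
    """True when text has at least one listed Cyrillic vowel and one Latin letter."""
    lowered = text.lower()  # example choice: also catch capital Cyrillic vowels
    has_cyrillic = any(ch in CYRILLIC_VOWELS for ch in lowered)
    return has_cyrillic and LATIN_LETTER.search(lowered) is not None


def link_condition(email: Email) -> bool:
    """1..9 links, or zero links with attachments present and an empty thread."""
    if 1 <= email.link_count <= 9:
        return True
    return (email.link_count == 0
            and email.has_attachments
            and email.thread_text.strip() == "")


def is_excluded_sender(email: Email) -> bool:
    """False-positive exclusions: .ru senders and allowlisted domains."""
    domain = email.sender_domain.lower()
    return domain.endswith(".ru") or domain in ALLOWLISTED_DOMAINS


def matches(email: Email) -> bool:
    """Full rule: unsolicited, not excluded, link condition met, mixed script present."""
    if not email.unsolicited or is_excluded_sender(email):
        return False
    if not link_condition(email):
        return False
    return (mixes_cyrillic_and_latin(email.subject)
            or mixes_cyrillic_and_latin(email.display_name))


def flagged_indices(emails):
    """Indices of messages the rule would flag, for review or alerting."""
    return [i for i, e in enumerate(emails) if matches(e)]


# Constructed sample traffic; .invalid domains are reserved and never resolve.
SAMPLE_EMAILS = [
    # 0: display name "Micrоsoft" uses Cyrillic о (U+043E), 2 links -> match
    Email("newly-registered.invalid", "Micr\u043esoft Support",
          "Verify your account", 2, False, "", True),
    # 1: same lure from a .ru domain -> excluded by the TLD rule
    Email("shop.ru", "Micr\u043esoft Support",
          "Verify your account", 2, False, "", True),
    # 2: all-Latin subject and display name -> no match
    Email("vendor.invalid", "Invoice Team",
          "Invoice 1042 attached", 0, True, "", True),
    # 3: zero links, attachment, new thread, Cyrillic а in subject -> match
    Email("sender.invalid", "HR", "P\u0430yroll update", 0, True, "", True),
    # 4: mixed script but 12 links -> fails the link condition
    Email("newsletter.invalid", "N\u0435ws Digest",
          "Weekly roundup", 12, False, "", True),
    # 5: mixed script inside an existing, solicited conversation -> no match
    Email("partner.invalid", "\u0418\u0432\u0430\u043d Petrov",
          "Re: contract", 1, False, "> earlier reply", False),
]

if __name__ == "__main__":
    for i in flagged_indices(SAMPLE_EMAILS):
        e = SAMPLE_EMAILS[i]
        print(f"flagged #{i}: {e.display_name!r} / {e.subject!r} from {e.sender_domain}")
```

Running the script flags samples 0 and 3 only. Sample 1 shows why the `.ru` exclusion matters for noise, sample 4 shows the upper link bound, and sample 5 shows that a mixed-script name inside an ongoing, solicited thread is left alone; tuning any of these three gates changes the false-positive profile more than the vowel list does.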
Categories
- Web
- Endpoint
- Cloud
- Identity Management
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2023-11-28