Attachment: Fake Voicemail via PDF

Sublime Rules

Summary
This detection rule identifies potential phishing attempts that use fake voicemail notifications delivered by email. It targets inbound messages carrying a single-page PDF attachment that purports to be a voicemail or missed call notification. The rule combines several conditions: it checks that only one attachment is present, ensures the subject line does not include the word 'fax' (commonly used in phishing), and verifies that the language of the email and of the PDF content is English. By analyzing the text of the email and the contents of the PDF, the rule identifies high-confidence topics related to voicemail notifications. It also scans the PDF for URLs or QR codes to identify potential phishing links. The final condition ensures the PDF is a single page, which is a common characteristic of phishing documents designed to appear legitimate.
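The sketch below is an added example, not the Sublime rule's source: it evaluates the conditions listed in the summary against an already-parsed message and reports which ones failed, which is useful when triaging why a sample did not match. The message layout, the field names and the keyword regex (a stand-in for the rule's topic classification, accepted here if either the email or the PDF matches) are assumptions.

```python
import re

# Hypothetical keyword heuristic standing in for the rule's topic analysis.
VOICEMAIL = re.compile(r"\b(voice\s?mail|voice message|missed call)\b", re.I)

def failed_conditions(msg):
    """Return the names of the summary's conditions that msg does not meet."""
    atts = msg.get("attachments", [])
    # Exactly one attachment, and it must be a PDF; otherwise use an empty record.
    pdf = atts[0] if len(atts) == 1 and atts[0].get("type") == "pdf" else {}
    subject, body = msg.get("subject", ""), msg.get("body", "")
    checks = {
        "inbound": msg.get("direction") == "inbound",
        "single_pdf_attachment": bool(pdf),
        "subject_without_fax": not re.search(r"\bfax\b", subject, re.I),
        "english": msg.get("language") == "en" and pdf.get("language") == "en",
        "voicemail_topic": bool(VOICEMAIL.search(subject + " " + body)
                                or VOICEMAIL.search(pdf.get("text", ""))),
        "pdf_has_url_or_qr": bool(pdf.get("urls") or pdf.get("qr_urls")),
        "single_page": pdf.get("pages") == 1,
    }
    return [name for name, ok in checks.items() if not ok]

def matches(msg):
    """The rule fires only when every condition holds."""
    return not failed_conditions(msg)

# Constructed sample: a one-page PDF "voicemail" whose only link is a QR code.
SAMPLE_HIT = {
    "direction": "inbound",
    "subject": "New voicemail from +1 555 0100",
    "body": "You have a new voice message. Open the attachment to listen.",
    "language": "en",
    "attachments": [{
        "type": "pdf", "pages": 1, "language": "en",
        "text": "Missed call. Scan to play your voicemail.",
        "urls": [], "qr_urls": ["https://example.invalid/listen"],
    }],
}
# Constructed variants: a 'fax' subject with a two-page PDF, and two attachments.
SAMPLE_FAX = {**SAMPLE_HIT, "subject": "Fax and voicemail received",
              "attachments": [{**SAMPLE_HIT["attachments"][0], "pages": 2}]}
SAMPLE_TWO = {**SAMPLE_HIT, "attachments": SAMPLE_HIT["attachments"] * 2}

if __name__ == "__main__":
    for name in ("SAMPLE_HIT", "SAMPLE_FAX", "SAMPLE_TWO"):
        print(name, failed_conditions(globals()[name]) or "match")
```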
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • File
  • Process
  • Network Traffic
Created: 2025-05-01