
Summary
Detects inbound messages containing links with URL fragments that encode recipient email addresses via a 'Family' parameter. The rule handles multiple encodings (base64, double base64, hex) and can extract both plain-text and encoded emails, including common template distortions. It uses URL and content analysis to identify targeted credential phishing attempts where attackers embed recipient-specific data in fragments to bypass simple filters, and flags high-risk messages accordingly.
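The fragment check described in the summary, written out in Python as an added example (it is not the rule's own logic). It assumes the fragment carries `key=value` pairs separated by `&` and matches the `Family` key case-insensitively; the function names and sample URL are constructed for illustration, and the template distortions the summary mentions are not handled because the page does not specify them.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def _b64(value):
    """Decode standard or URL-safe base64, tolerating stripped padding."""
    try:
        padded = value.replace("+", "-").replace("/", "_") + "=" * (-len(value) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None

def _hex(value):
    try:
        return bytes.fromhex(value).decode("utf-8")
    except ValueError:
        return None

def candidates(value):
    """Return (encoding, text) for each encoding the summary names that decodes cleanly."""
    once = _b64(value)
    twice = _b64(once) if once is not None else None
    decoded = [("plain", value), ("base64", once), ("double_base64", twice), ("hex", _hex(value))]
    return [(enc, text) for enc, text in decoded if text is not None]

def family_email(url):
    """Return (encoding, email) from the fragment's Family parameter, else None."""
    for pair in urlsplit(url).fragment.split("&"):  # assumed key=value&... layout
        key, _, raw = pair.partition("=")  # first '=' only, so base64 padding survives
        if key.lower() == "family":
            for encoding, text in candidates(unquote(raw)):
                match = EMAIL_RE.search(text)
                if match:
                    return encoding, match.group(0).lower()
    return None

def targets_recipient(url, recipients):
    """True when the decoded Family value names one of the message's recipients."""
    hit = family_email(url)
    return hit is not None and hit[1] in {r.lower() for r in recipients}

# Constructed sample: base64 of a placeholder recipient address in the fragment.
SAMPLE = "https://portal.example.net/login#Family=" + base64.b64encode(b"alice@example.com").decode()
```

Comparing the decoded address against the message's actual recipients, as `targets_recipient` does, is what separates recipient-specific links from fragments that merely contain some email address.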
Categories
- Web
- Network
- Application
Data Sources
- Web Credential
- Network Traffic
- Application Log
Created: 2026-04-28