
Summary
This rule identifies potentially malicious inbound emails that contain keywords related to compensation alongside review or evaluation terms. Specifically, it targets messages with EML attachments that include QR codes or barcodes, which suggest malicious links or references intended for credential phishing. The detection logic matches subject lines that mention terms like "salary", "bonus", "review", and others, and combines that match with checks on attachment content types and on text extracted via optical character recognition (OCR). Detecting and analyzing QR codes or barcodes in a scanned document strengthens the rule's ability to flag messages aimed at stealing sensitive information.
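The subject and attachment conditions described above can be sketched as a pre-filter. This is an added example, not the rule's own source. The keywords beyond "salary", "bonus" and "review", the choice of images and PDFs as scan targets, and all function names are assumptions. QR/barcode decoding and OCR are left to a downstream scanner.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# "salary", "bonus", "review" are named in the summary; the other terms are assumed.
COMP = re.compile(r"\b(salary|bonus|compensation|payroll)\b", re.I)
REVIEW = re.compile(r"\b(review|evaluation|appraisal)\b", re.I)

def eml_attachments(msg):
    """Yield messages attached as message/rfc822 parts or as *.eml files."""
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            yield part.get_payload(0)
        elif (part.get_filename() or "").lower().endswith(".eml"):
            data = part.get_payload(decode=True) or b""
            yield message_from_bytes(data, policy=policy.default)

def qr_scan_candidates(raw: bytes):
    """Return (filename, content type) of items to hand to QR/barcode and OCR analysis."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["subject"] or "")
    # Both keyword families must appear in the subject line.
    if not (COMP.search(subject) and REVIEW.search(subject)):
        return []
    hits = []
    for inner in eml_attachments(msg):
        for part in inner.walk():
            ctype = part.get_content_type()
            # Assumption: images and PDFs are the content types worth scanning.
            if part.get_content_maintype() == "image" or ctype == "application/pdf":
                hits.append((part.get_filename(), ctype))
    return hits

def build_sample(subject="Salary review Q2") -> bytes:
    """Constructed sample: outer mail with an attached EML that carries a PNG stub."""
    inner = EmailMessage()
    inner["Subject"] = "Scan to view document"
    inner.set_content("See attached.")
    inner.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image",
                         subtype="png", filename="code.png")
    outer = EmailMessage()
    outer["Subject"] = subject
    outer.set_content("Please open the attachment.")
    outer.add_attachment(inner)  # stored as a message/rfc822 part
    return outer.as_bytes()

if __name__ == "__main__":
    print(qr_scan_candidates(build_sample()))
```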
Categories
- Endpoint
- Web
- Identity Management
Data Sources
- User Account
- Web Credential
- File
- Application Log
Created: 2025-04-03