
Gsuite Email Suspicious Subject With Attachment

Splunk Security Content

Summary
This detection rule identifies potentially malicious emails in G Suite Gmail whose subject lines and attachments are typical of spear phishing. It scans email logs for subject-line keywords commonly associated with phishing, such as terms related to parcel deliveries, invoices, and banking, and also checks attachments for known malicious file types, including document and compressed-archive formats frequently used to distribute malware. The detection matters because such emails can lead to unauthorized access or data breaches if left unchecked, making it a vital part of an organization's defense against phishing and other email-based attacks. To operationalize it, organizations must ingest the necessary G Suite logs with attachment metadata so that both conditions can be evaluated and responded to.
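The subject-and-attachment check the summary describes, as an added Python example that is not the Splunk rule's own logic; the keyword list, extension list and Gmail-style records are constructed for illustration (a deployment would use the rule's lists against ingested logs).

```python
import re
from typing import Dict, List

# Constructed keyword list modelled on the categories the summary names
# (parcel deliveries, invoices, banking); the real rule's list is not on this page.
SUSPICIOUS_SUBJECT_TERMS = ["parcel", "delivery", "shipment", "invoice", "payment", "bank", "account"]

# Constructed extension list: document and archive types commonly used to carry malware.
SUSPICIOUS_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".zip", ".rar", ".7z", ".iso", ".js", ".vbs"}

SUBJECT_RE = re.compile(r"\b(" + "|".join(map(re.escape, SUSPICIOUS_SUBJECT_TERMS)) + r")\b", re.IGNORECASE)

def attachment_extension(filename: str) -> str:
    """Return the lower-cased final extension, so 'Invoice.pdf.zip' is judged by '.zip'."""
    name = filename.lower().rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def evaluate_message(msg: Dict) -> List[str]:
    """Return the reasons a Gmail log record matches; an empty list means no match.
    Both conditions (a subject term AND a suspicious attachment type) must hold."""
    subject_hits = sorted({m.group(1).lower() for m in SUBJECT_RE.finditer(msg.get("subject", ""))})
    bad_files = [a["file_name"] for a in msg.get("attachments", [])
                 if attachment_extension(a.get("file_name", "")) in SUSPICIOUS_EXTENSIONS]
    if not subject_hits or not bad_files:
        return []
    return [f"subject term: {t}" for t in subject_hits] + [f"attachment: {f}" for f in bad_files]

def find_suspicious(records: List[Dict]) -> List[Dict]:
    """Run the check over a batch of records and return only the matches with their reasons."""
    findings = []
    for r in records:
        reasons = evaluate_message(r)
        if reasons:
            findings.append({"message_id": r.get("message_id"), "sender": r.get("sender"), "reasons": reasons})
    return findings

# Constructed sample records (not real Gmail logs); only m1 and m4 satisfy both conditions.
SAMPLE_RECORDS = [
    {"message_id": "m1", "sender": "billing@example.net", "subject": "Your invoice is attached",
     "attachments": [{"file_name": "Invoice_4412.pdf.zip"}]},
    {"message_id": "m2", "sender": "hr@example.org", "subject": "Team lunch on Friday",
     "attachments": [{"file_name": "menu.zip"}]},
    {"message_id": "m3", "sender": "courier@example.com", "subject": "Parcel delivery failed",
     "attachments": [{"file_name": "label.png"}]},
    {"message_id": "m4", "sender": "bank@example.com", "subject": "BANK account notice",
     "attachments": [{"file_name": "statement.docm"}, {"file_name": "logo.jpg"}]},
]
```

Records m2 and m3 show why both conditions are required: an archive with a benign subject, or a phishing-style subject with a harmless image, does not fire on its own.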
Categories
  • Cloud
  • GCP
  • Web
  • Identity Management
Data Sources
  • Group
  • Web Credential
  • Cloud Service
ATT&CK Techniques
  • T1566.001
  • T1566
Created: 2024-11-14