Callback Phishing Via E-Signature Service

Sublime Rules

Summary
This rule detects callback phishing attempts that leverage e-signature services. It analyzes inbound messages for keywords related to technology support and e-signature topics, focusing on messages that impersonate trusted brands, such as PayPal and Norton, and contain language suggesting financial transactions. Important criteria include the presence of a paired phone number and a specific number of keywords that indicate urgency, all while ensuring that the message has no attachments. The rule checks multiple conditions within the message's headers and body, such as the sender's domain, to filter out free email providers, and the SPF or DMARC authentication results, to validate the sender's credibility. The overall goal is to identify and mitigate phishing scams that use manipulation and urgency to entice recipients into providing personal information or making transactions.
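The conditions described above can be sketched as a conjunction of signals over one parsed message. This is an added illustration, not the Sublime rule's source: the keyword lists, the threshold of three hits, the phone pattern, the free-provider list and the message dictionary layout are all assumptions, and the sender checks are read here as "not a free mailbox, and SPF or DMARC passes".

```python
import re

# All lists and the threshold below are assumptions for illustration;
# the page does not give the rule's actual keywords or counts.
BRANDS = ("paypal", "norton")  # the two brands named in the summary
ESIGN_TERMS = ("e-signature", "esign", "review and sign", "signature request")
FINANCE_TERMS = ("invoice", "payment", "charged", "renewal", "refund", "transaction")
SUPPORT_TERMS = ("support", "helpdesk", "help desk", "cancel", "call us")
FREE_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
MIN_KEYWORD_HITS = 3  # assumed threshold
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def evaluate(msg: dict) -> dict:
    """Return each signal plus an overall verdict for one parsed message."""
    text = f"{msg.get('subject', '')}\n{msg.get('body', '')}".lower()
    domain = msg.get("from", "").rsplit("@", 1)[-1].lower()
    auth = msg.get("auth", {})
    hits = [t for t in ESIGN_TERMS + FINANCE_TERMS + SUPPORT_TERMS if t in text]
    signals = {
        "inbound": msg.get("direction") == "inbound",
        "no_attachments": not msg.get("attachments"),
        "brand": any(b in text for b in BRANDS),
        "esign_topic": any(t in text for t in ESIGN_TERMS),
        "phone_number": bool(PHONE_RE.search(text)),
        "keyword_hits": len(hits) >= MIN_KEYWORD_HITS,
        # Assumed reading of the sender checks: not a free mailbox, and
        # SPF or DMARC passes, i.e. mail really relayed by the platform.
        "not_free_provider": domain not in FREE_PROVIDERS,
        "authenticated": "pass" in (auth.get("spf"), auth.get("dmarc")),
    }
    return {"match": all(signals.values()), "signals": signals, "hits": hits}


# Constructed sample messages (not real mail; domain and number are fictitious).
SAMPLE_LURE = {
    "direction": "inbound",
    "from": "notify@esign-platform.example",
    "subject": "Signature request: PayPal invoice",
    "body": "Your account was charged $499.99 for Norton renewal. "
            "To cancel this transaction call support at +1 (555) 010-0199.",
    "attachments": [],
    "auth": {"spf": "pass", "dmarc": "pass"},
}
SAMPLE_BENIGN = dict(SAMPLE_LURE, subject="Signature request: lease agreement",
                     body="Please review and sign the lease by Friday.")
```

Returning the individual signals alongside the verdict lets an analyst see which condition kept a near-miss from matching when tuning the keyword lists.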
Categories
  • Endpoint
  • Web
  • Cloud
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-07-26