
Summary
This detection rule flags messages whose sender display name contains the word 'kindly' together with at least one urgency indicator: terms such as 'urgent', 'ASAP', 'verify', 'confirm', and 'expedite'. Polite phrasing paired with a demand for immediate action is a common lure in business email compromise (BEC) and credential phishing, where the goal is to lower the recipient's guard and push them to act before they think. The rule uses sender analysis, evaluating only the display name of inbound messages (not the sender address, subject, or body) and flagging those that meet both conditions. The display name is a useful signal because it is entirely attacker-controlled and not covered by SPF, DKIM, or DMARC, yet legitimate senders almost never place imperatives like "kindly verify" in it, so the pattern carries a low false-positive rate while catching a lure that recurs across BEC and credential phishing campaigns.
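The following is an added example of the detection logic described above, written here in Python; it is not the rule's own implementation or the product's query language, and the message records, field names, and helper functions are constructed for illustration. It parses the display name out of a From header, requires both 'kindly' and an urgency term as whole words (case-insensitive), restricts itself to inbound messages, and runs over a handful of constructed sample headers.

```python
import re
from email.utils import parseaddr

# Urgency indicators named in the rule summary. Matching is case-insensitive
# and on whole words, so "verification" or "unkindly" do not trigger the rule.
URGENCY_TERMS = ("urgent", "asap", "verify", "confirm", "expedite")

KINDLY_RE = re.compile(r"\bkindly\b", re.IGNORECASE)
URGENCY_RE = re.compile(r"\b(" + "|".join(URGENCY_TERMS) + r")\b", re.IGNORECASE)


def display_name(from_header: str) -> str:
    """Return the display-name portion of a From header ('' if there is none).

    parseaddr handles the quoted and unquoted forms, e.g.
    '"Kindly Verify" <a@example.invalid>' -> 'Kindly Verify'.
    Only the display name is examined; the address itself is ignored,
    mirroring the rule's sender-analysis scope.
    """
    name, _addr = parseaddr(from_header)
    return name


def matches_rule(from_header: str, direction: str = "inbound") -> bool:
    """True when an inbound message's display name contains 'kindly'
    together with at least one urgency indicator."""
    if direction != "inbound":
        # The rule only evaluates inbound mail; internal/outbound traffic is out of scope.
        return False
    name = display_name(from_header)
    return bool(KINDLY_RE.search(name)) and bool(URGENCY_RE.search(name))


def evaluate(messages):
    """Return the ids of all messages that the rule would flag."""
    return [m["id"] for m in messages if matches_rule(m["from"], m["direction"])]


# Constructed sample messages (hypothetical ids, addresses and directions).
SAMPLE_MESSAGES = [
    # kindly + verify in the display name: flagged
    {"id": "m1", "direction": "inbound",
     "from": '"Kindly Verify Your Account" <alerts@example.invalid>'},
    # kindly + urgent/confirm/ASAP, mixed case: flagged
    {"id": "m2", "direction": "inbound",
     "from": '"URGENT - kindly confirm ASAP" <ceo@example.invalid>'},
    # 'kindly' alone, no urgency term: not flagged
    {"id": "m3", "direction": "inbound",
     "from": '"Kindly Reminder" <hr@example.invalid>'},
    # urgency term alone, no 'kindly': not flagged
    {"id": "m4", "direction": "inbound",
     "from": '"Urgent Support" <help@example.invalid>'},
    # would match, but the message is outbound: not flagged
    {"id": "m5", "direction": "outbound",
     "from": '"Kindly verify" <me@corp.invalid>'},
    # no display name at all: nothing to evaluate
    {"id": "m6", "direction": "inbound",
     "from": "no-display-name@example.invalid"},
]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = "FLAG " if matches_rule(msg["from"], msg["direction"]) else "pass "
        print(verdict, msg["id"], repr(display_name(msg["from"])))
    print("flagged:", evaluate(SAMPLE_MESSAGES))
```

Running the module prints one line per sample and ends with `flagged: ['m1', 'm2']`. The whole-word regexes are the main tuning point: a naive substring check would also fire on display names containing "unkindly" or "verification", while the direction check keeps the rule from flagging a colleague's reply that quotes the lure.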
Categories
- Endpoint
- Application
- Identity Management
Data Sources
- User Account
- Application Log
Created: 2026-01-10