
Summary
This rule detects scam messages that impersonate an estate sale offering welding equipment and tools. It targets outreach claiming items originate from a deceased relative’s estate or relocation and that shipping arrangements are required.

The rule uses multi-layered content heuristics to flag messages that mention specific welding brands (Miller, Lincoln Electric, Hobart, ESAB, Fronius, Everlast, Hypertherm, Thermal Dynamics) in proximity to welding-related terms (welder, welding, TIG, MIG, plasma cutter) and to identify references to related machinery or tools (generator, chainsaw, excavator, skid steer, tractor, mower, backhoe). It also flags language indicating items are available for sale, rehomed, gifted, donated, or given away, and it looks for emotional manipulation cues such as mentions of a late relative and estate-related context to create legitimacy. The rule includes patterns for shipping-focused language (shipping cost, delivery only, no local pickup) and requests to contact through alternative channels, which are common BEC/fraud indicators. It uses broad heuristics for tool-related offers (toolbox, kit, box, collection; “free,” “gift,” “donation,” “rehome”) and checks for phrases that imply a personal, urgent, or once-in-a-lifetime opportunity.

The detection workflow combines content analysis with sender/header signals: potential mismatches in reply-to vs. from addresses, use of free email providers, lack of conventional contact paths, and indicators of out-of-band communication.

Attacks are categorized as BEC/Fraud with tactics including Social engineering, Free email provider usage, and Out-of-band pivot. The rule’s outputs rely on content analysis, sender analysis, and header analysis to identify high-confidence scam messages in postings or messages about estate sales and welding-tool items.
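The following Python sketch is an added example, not the rule's own source. It approximates the layered logic described above on a constructed message, combining content signals with the reply-to and free-provider checks. The regexes, the 60-character proximity window, the free-provider list and the combining threshold are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brand and term lists come from the rule summary; everything else is assumed.
BRANDS = r"(?:miller|lincoln electric|hobart|esab|fronius|everlast|hypertherm|thermal dynamics)"
WELD = r"(?:weld(?:er|ing)|tig|mig|plasma cutter)"
WINDOW = 60  # assumed proximity window, in characters
SIGNALS = {
    "brand_near_welding": re.compile(
        rf"\b{BRANDS}\b.{{0,{WINDOW}}}\b{WELD}\b|\b{WELD}\b.{{0,{WINDOW}}}\b{BRANDS}\b", re.I | re.S),
    "giveaway": re.compile(r"\b(?:for sale|rehom\w+|gift\w*|donat\w+|giv(?:e|ing|en) away|free)\b", re.I),
    "estate": re.compile(r"\blate (?:husband|wife|father|mother|brother|uncle)\b|\bestate\b|\brelocat\w+", re.I),
    "shipping": re.compile(r"\bshipping (?:cost|fee)s?\b|\bdelivery only\b|\bno local pick-?up\b", re.I),
    "out_of_band": re.compile(r"\b(?:text|call|whatsapp|reach|contact) (?:me|him|her)\b.{0,40}\b(?:at|on|via)\b", re.I | re.S),
}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}  # assumed sample list

def score_message(raw):
    """Return the set of signal names that fire on a raw RFC 5322 message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = {name for name, rx in SIGNALS.items() if rx.search(text)}
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        hits.add("reply_to_mismatch")
    if {from_dom, reply_dom} & FREE_MAIL:
        hits.add("free_mail")
    return hits

def is_estate_welding_scam(raw):
    # Assumed combination: brand/term proximity + two content cues + one sender cue.
    hits = score_message(raw)
    content = hits & {"giveaway", "estate", "shipping", "out_of_band"}
    sender = hits & {"reply_to_mismatch", "free_mail"}
    return "brand_near_welding" in hits and len(content) >= 2 and bool(sender)

# Constructed sample message (not real traffic).
SCAM = (
    "From: Staff Notices <notices@example.org>\n"
    "Reply-To: j.doe.estate@gmail.com\n"
    "Subject: Late husband's Miller TIG welder free to a good home\n\n"
    "My late husband left a Miller TIG welder and a generator. I am giving away\n"
    "these items. Delivery only, no local pickup; you cover the shipping cost.\n"
    "Please text me at the number below.\n"
)

if __name__ == "__main__":
    print(sorted(score_message(SCAM)), is_estate_welding_scam(SCAM))
```

Requiring a sender or header signal in addition to the content cues keeps ordinary vendor mail that names a brand and a welder type from alerting on content alone.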
Categories
- Web
- Application
- Network
Data Sources
- Script
- Application Log
- Network Traffic
Created: 2026-05-13