
Brand impersonation: UPS

Sublime Rules

Summary
This detection rule identifies potential phishing attempts that impersonate the United Parcel Service (UPS). It analyzes inbound emails for signs that the sender is mimicking UPS communications: the sender's display name, email address patterns, and a specific UPS-related string in the email body. Messages from a list of highly trusted sender domains are flagged only when they fail DMARC authentication. Detection methods include computer vision for logo recognition and sender analysis for email validation. The rule targets credential phishing attacks that exploit brand trust through impersonation.
Categories
  • Identity Management
  • Endpoint
  • Network
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2021-08-24