Brand impersonation: Punchbowl

Sublime Rules

Summary
This detection rule identifies phishing attempts that impersonate the brand 'Punchbowl' by analyzing incoming email messages for phrases and characteristics associated with genuine Punchbowl invitations. It scans the email body for references to 'Punchbowl', both in the text and in the HTML alternative text, and targets the phrasing 'You're invited', which is frequently used in legitimate invitations. It then checks whether the domain of the sender's email is one of the legitimate Punchbowl domains, namely 'punchbowl.com' and 'punchbowl.news'. To minimize false positives, the rule enforces a character limit on the email content being analyzed, so that only reasonably concise messages are evaluated. Together, these checks distinguish actual Punchbowl invitations from unauthorized impersonations, mitigating the risk of credential phishing through social engineering.
Categories
  • Web
  • Cloud
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-10-25
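
The checks described in the Summary, sketched in Python as an added example (not the rule's own source). Assumptions: the 1500-character limit is a placeholder because the summary gives no number, a brand mention in either the text or an image alt attribute counts, and subdomains of the two listed domains are treated as legitimate. All sample messages are constructed.

```python
from html.parser import HTMLParser

LEGIT_DOMAINS = {"punchbowl.com", "punchbowl.news"}  # from the rule summary
MAX_BODY_CHARS = 1500  # assumed value; the summary only says a limit exists


class _AltText(HTMLParser):
    """Collects the alt text of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.alts = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.alts += [v for k, v in attrs if k == "alt" and v]


def is_legit_sender(from_addr):
    """True if the sender domain is a listed domain or (assumption) a subdomain."""
    domain = from_addr.rsplit("@", 1)[-1].strip("> ").lower()
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)


def flags_punchbowl_impersonation(from_addr, text_body, html_body=""):
    """Apply the four conditions from the summary to one message."""
    parser = _AltText()
    parser.feed(html_body)
    # Normalise the curly apostrophe so "You’re invited" also matches.
    haystack = (text_body + " " + " ".join(parser.alts)).replace("\u2019", "'").lower()
    return (
        "punchbowl" in haystack                    # brand in text or alt text
        and "you're invited" in haystack           # invitation phrasing
        and len(text_body) <= MAX_BODY_CHARS       # short messages only
        and not is_legit_sender(from_addr)         # sender outside real domains
    )


# Constructed samples: (sender, text body, HTML body)
GENUINE = ("Punchbowl <invites@punchbowl.com>", "You're invited to Sam's party on Punchbowl", "")
ALT_ONLY = ("rsvp@punchbowl-invites.example", "You\u2019re invited! Open your invitation.",
            '<img src="logo.png" alt="Punchbowl">')
LOOKALIKE = ("rsvp@punchbowl.com.mail.example", "You're invited via Punchbowl", "")
LONG_MAIL = ("news@retailer.example", "Punchbowl sets on sale. You're invited. " + "Lorem " * 400, "")

if __name__ == "__main__":
    for name, msg in [("genuine", GENUINE), ("alt-only", ALT_ONLY),
                      ("lookalike", LOOKALIKE), ("long", LONG_MAIL)]:
        print(name, flags_punchbowl_impersonation(*msg))
```

The lookalike sample shows why the sender check compares on a domain boundary rather than with a substring match.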