
Summary
This detection rule identifies potential credential theft and financial fraud in messages originating from the sendthisfile.com domain. It uses natural language understanding (NLU) to analyze message content, checking for specific intents and topics. The rule triggers when an inbound message contains credible indicators of credential theft, with a confidence level that is not 'low', and at the same time discusses topics related to financial transactions, also with a non-low confidence level. A further check ensures the message is neither a reply nor a forward, adding scrutiny to surface potentially malicious activity. The rule covers social engineering tactics and combines content analysis with sender analysis to improve identification of Business Email Compromise (BEC) and financial phishing attempts.
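The following is an added example, not the rule's own query language or the vendor's code: it implements the conditions described above (sender domain, non-low credential-theft intent, non-low financial topic, not a reply or forward) as a plain Python predicate and runs it over constructed messages. The NLU label names `cred_theft` and `financial_transaction`, the confidence strings, and the reply/forward heuristics (In-Reply-To header plus subject prefixes) are assumptions made for the example.

```python
"""Added example: evaluate the described detection logic over constructed messages."""
from dataclasses import dataclass, field
from typing import List, Optional

LOW = "low"
TARGET_DOMAIN = "sendthisfile.com"


@dataclass
class Label:
    """One NLU intent or topic with its confidence (assumed shape)."""
    name: str
    confidence: str  # assumed values: "low", "medium", "high"


@dataclass
class Message:
    sender: str
    subject: str
    intents: List[Label] = field(default_factory=list)
    topics: List[Label] = field(default_factory=list)
    in_reply_to: Optional[str] = None  # assumed: mirrors the In-Reply-To header


def sender_domain(address: str) -> str:
    """Extract the domain from 'Name <user@host>' or 'user@host' (lower-cased)."""
    addr = address.split("<")[-1].rstrip(">").strip()
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def has_non_low(labels: List[Label], name: str) -> bool:
    """True if a label with this name is present at any confidence other than 'low'."""
    return any(l.name == name and l.confidence.lower() != LOW for l in labels)


def is_reply_or_forward(msg: Message) -> bool:
    """Assumed heuristic: In-Reply-To header set, or Re:/Fw:/Fwd: subject prefix."""
    subject = msg.subject.strip().lower()
    return msg.in_reply_to is not None or subject.startswith(("re:", "fw:", "fwd:"))


def matches(msg: Message) -> bool:
    """The rule: all four conditions must hold for the message to trigger."""
    return (
        sender_domain(msg.sender) == TARGET_DOMAIN
        and has_non_low(msg.intents, "cred_theft")
        and has_non_low(msg.topics, "financial_transaction")
        and not is_reply_or_forward(msg)
    )


# Constructed sample messages covering the trigger case and each exclusion.
SAMPLES = {
    "trigger": Message(
        sender="Files <notify@sendthisfile.com>",
        subject="Invoice payment: sign in to download",
        intents=[Label("cred_theft", "high")],
        topics=[Label("financial_transaction", "medium")],
    ),
    "low_confidence_intent": Message(
        sender="notify@sendthisfile.com",
        subject="Document shared",
        intents=[Label("cred_theft", "low")],
        topics=[Label("financial_transaction", "high")],
    ),
    "reply": Message(
        sender="notify@sendthisfile.com",
        subject="Re: Invoice payment: sign in to download",
        intents=[Label("cred_theft", "high")],
        topics=[Label("financial_transaction", "high")],
        in_reply_to="<abc@example.invalid>",
    ),
    "other_domain": Message(
        sender="notify@example.invalid",
        subject="Invoice payment: sign in to download",
        intents=[Label("cred_theft", "high")],
        topics=[Label("financial_transaction", "high")],
    ),
}


def evaluate_samples() -> dict:
    """Run the rule over every constructed sample and return name -> verdict."""
    return {name: matches(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name}: {'MATCH' if verdict else 'no match'}")
```

Each exclusion (low confidence, reply, unrelated sender domain) is a separate sample so that a change to one condition can be checked in isolation; in production the labels would come from the NLU engine rather than being constructed inline.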
Categories
- Web
- Endpoint
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2025-10-28