This rule detects inbound emails attempting to impersonate the Bids & Tenders platform by flagging messages that appear legitimate through branding assets. It triggers when the email is either sent to itself or delivered to an invalid recipient (single recipient), and contains 1–9 links. It then requires that at least one link has a root domain different from bidsandtenders.ca while another link (or analyzed URL) references a Bids & Tenders domain (bids.bidsandtenders.ca) with a path containing /Logo/, indicating logo/assets loading from a non-legitimate host. The combination signals brand spoofing and social engineering designed to mislead the recipient into believing the message is authentic. This is categorized as credential phishing via brand impersonation and uses sender/recipient verification plus URL/content analysis to identify deception.