
Business Email Compromise (BEC) with request for mobile number

Sublime Rules

Summary
This rule identifies Business Email Compromise (BEC) attempts that ask the recipient for a mobile contact number. It targets unsolicited messages with a short body (under 500 characters) and no attachments. The body is checked with a regular expression for terms such as 'mobile', 'phone' and 'whatsapp' occurring within a set proximity of other indicative terms. A natural language understanding (NLU) classifier is applied to the message to identify high-confidence BEC or advance-fee-fraud intent. The rule also requires that the message not be a genuine reply: it has no real conversation history and lacks proper threading, as shown by the absence of the corresponding email headers. Finally, the sender's profile is taken into account: senders with a clean history (no previous spam or malicious messages) are treated as less likely to produce false positives, so the rule minimises misclassification of legitimate communications.
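As an added illustration, not Sublime's rule or its query language, the checks described above approximated in Python and run over two constructed messages; the proximity regex is my own approximation, the NLU intent classifier is replaced by a keyword stand-in, and the sender-profile check is omitted:

```python
import re
from email import message_from_string
from email.message import Message

# Approximation of the rule's proximity regex: a mobile-contact term within a
# few words of a term asking for it. Not the rule's actual pattern.
MOBILE_REQUEST_RE = re.compile(
    r"\b(?:mobile|cell|phone|whatsapp)\b(?:\W+\w+){0,5}?\W+(?:number|no\.?|contact|digits)\b"
    r"|\b(?:send|share|text|give)\b(?:\W+\w+){0,5}?\W+(?:mobile|cell|phone|whatsapp)\b",
    re.IGNORECASE,
)
# Stand-in for the NLU intent classifier: phrases typical of BEC lures.
BEC_HINTS = ("quick task", "are you available", "need you to", "discreet", "favor", "urgent")

# Constructed sample messages (not real traffic).
LURE = (
    "From: CEO <ceo-lookalike@example.net>\nTo: staff@example.com\nSubject: Quick task\n\n"
    "Are you available? I need you to handle a quick task for me. "
    "Send me your mobile number so I can text you the details.\n"
)
LEGIT_REPLY = (
    "From: alice@example.com\nTo: bob@example.com\nSubject: Re: onsite visit\n"
    "In-Reply-To: <abc@example.com>\n\nSure, my phone number is on the badge form. See you Monday.\n"
)


def _plain_body(msg: Message) -> str:
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def _has_attachment(msg: Message) -> bool:
    return any(part.get_filename() or part.get_content_disposition() == "attachment" for part in msg.walk())


def bec_mobile_request_reasons(raw: str) -> list[str]:
    """Return the names of the criteria the message satisfies."""
    msg = message_from_string(raw)
    body = _plain_body(msg).strip()
    checks = {
        "short_body": 0 < len(body) < 500,
        "no_attachments": not _has_attachment(msg),
        "mobile_request_phrase": bool(MOBILE_REQUEST_RE.search(body)),
        "bec_intent": any(h in body.lower() for h in BEC_HINTS),  # NLU stand-in
        "no_thread_headers": not (msg.get("In-Reply-To") or msg.get("References")),
    }
    return [name for name, hit in checks.items() if hit]


def is_bec_mobile_request(raw: str) -> bool:
    # Flag only when every criterion holds, as the rule ANDs its conditions.
    return len(bec_mobile_request_reasons(raw)) == 5
```

The genuine reply still matches the phrase regex, which is why the threading-header and intent conditions matter for keeping false positives down.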
Categories
  • Web
  • Network
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2024-02-29