
Summary
Detects inbound email attachments that are PDFs containing artifacts associated with eCheckRun lure campaigns (fake electronic payment invoices). The rule requires an inbound message with at least one PDF attachment whose file contents match the YARA signature named pdf_eCheckLure_format. A match flags potential credential phishing attempts that leverage legitimate-looking payment communications and PDF-based lures. Detection methods include file analysis and YARA scanning to identify the embedded indicators.
Categories
- Endpoint
- Web
- Other
Data Sources
- File
Created: 2026-06-06