Link: Self-sent message with quarterly document review request

Sublime Rules

Summary
This detection rule identifies cases where a user sends an email to themselves containing a link whose URL includes a quarterly indicator (such as 'q1_', 'q2_', 'q3_', or 'q4_') in the context of a document review request. It targets messages that request urgent feedback on a specific document, a lure typical of Business Email Compromise (BEC) and credential phishing. The filtering conditions require that the message is self-sent (the sender and recipient addresses match, or the recipient's domain is invalid) and that there are no additional recipients in 'cc' or 'bcc'. To resist evasion, the rule also checks the domain of the link and requires that it not share the sender's second-level domain (SLD), so that a link on a look-alike domain is still flagged while a link on the sender's own domain is not. The rule combines content, header, sender, and URL analysis to detect these threats.
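The conditions described above, as an added illustrative example that is not the rule's own code or the Sublime Rules syntax: the regular expressions, the `Message` structure, the "invalid recipient domain" heuristic (a domain without a dot) and the sample messages are all assumptions constructed for this sketch.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical patterns approximating the rule: quarterly tokens in the URL,
# plus review-request and urgency language in the body.
QUARTER_RE = re.compile(r"q[1-4]_", re.IGNORECASE)
REVIEW_RE = re.compile(r"\b(review|feedback)\b", re.IGNORECASE)
URGENT_RE = re.compile(r"\b(urgent|asap|immediately|today)\b", re.IGNORECASE)

@dataclass
class Message:
    sender: str
    to: list[str]
    body: str
    links: list[str]
    cc: list[str] = field(default_factory=list)
    bcc: list[str] = field(default_factory=list)

def sld(host: str) -> str:
    # Second-level domain: 'docs.corp.example' -> 'corp.example'
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def domain_of(address: str) -> str:
    return address.lower().rsplit("@", 1)[-1] if "@" in address else ""

def is_self_sent(msg: Message) -> bool:
    # One recipient and no cc/bcc; the recipient equals the sender or has an
    # invalid domain (assumed here: a domain with no dot counts as invalid).
    if msg.cc or msg.bcc or len(msg.to) != 1:
        return False
    rcpt = msg.to[0].lower()
    return rcpt == msg.sender.lower() or "." not in domain_of(rcpt)

def matches_rule(msg: Message) -> bool:
    if not is_self_sent(msg):
        return False
    if not (REVIEW_RE.search(msg.body) and URGENT_RE.search(msg.body)):
        return False
    sender_sld = sld(domain_of(msg.sender))
    # Fire only when a quarterly-named link is hosted off the sender's SLD.
    return any(QUARTER_RE.search(link)
               and sld(urlparse(link).hostname or "") != sender_sld
               for link in msg.links)

# Constructed sample message, not real traffic.
SUSPICIOUS = Message("a.lee@corp.example", ["a.lee@corp.example"],
                     "Urgent: please review the Q3 figures and send feedback today.",
                     ["https://share-docs.example/files/q3_budget_review.pdf"])
```

The same message with the link moved onto `docs.corp.example`, or with any address added in cc, no longer matches, which is the behaviour the SLD and recipient checks are meant to produce.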
Categories
  • Endpoint
  • Web
  • Cloud
  • Mobile
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
  • Web Credential
Created: 2026-01-22