Business Email Compromise (BEC) attempt from untrusted sender

Sublime Rules

Summary
This detection rule targets potential Business Email Compromise (BEC) attempts in email received from unfamiliar senders. It analyzes the text of the email body with a Natural Language Understanding (NLU) classifier and flags only high-confidence matches for a BEC intent. Legitimate replies and auto-responses, such as subjects beginning with 'RE:' or 'Automatic reply:', are disregarded. The rule also considers the sender's profile, checking previous interactions for malicious or spam indications while filtering out any recognized false positives. Messages from trusted domains are flagged only when DMARC authentication fails. Combining content, header, and sender analysis in this way lets the rule detect BEC attempts without flagging routine correspondence.
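The conditions the summary describes, modelled in Python as an added illustration (this is not the Sublime rule's own MQL; the classifier output fields, the sender-profile fields and the trusted-domain set are assumed names constructed for the demo):

```python
from dataclasses import dataclass

@dataclass
class SenderProfile:
    solicited: bool              # recipient has previously corresponded with this sender
    any_malicious_or_spam: bool  # earlier messages from this sender were flagged
    any_false_positives: bool    # earlier flags on this sender were overturned

@dataclass
class Message:
    subject: str
    body_intent: str        # top intent from the NLU classifier (assumed field, e.g. "bec")
    body_confidence: str    # classifier confidence: "low" / "medium" / "high"
    sender_root_domain: str
    dmarc_pass: bool        # DMARC result from the authentication headers
    profile: SenderProfile

# Constructed allowlist of highly trusted sender domains for the demo.
HIGH_TRUST_DOMAINS = {"example-bank.com"}

def is_reply_or_auto_reply(subject: str) -> bool:
    s = subject.lstrip().lower()
    return s.startswith("re:") or s.startswith("automatic reply:")

def bec_from_untrusted_sender(m: Message) -> bool:
    # 1. The body must carry a high-confidence BEC intent.
    if not (m.body_intent == "bec" and m.body_confidence == "high"):
        return False
    # 2. Legitimate replies and out-of-office notices are disregarded.
    if is_reply_or_auto_reply(m.subject):
        return False
    # 3. Sender profile: a recognized false positive is never re-flagged;
    #    a familiar sender is only flagged with a malicious/spam history.
    p = m.profile
    if p.any_false_positives:
        return False
    if p.solicited and not p.any_malicious_or_spam:
        return False
    # 4. A trusted domain is flagged only when DMARC authentication fails.
    if m.sender_root_domain in HIGH_TRUST_DOMAINS and m.dmarc_pass:
        return False
    return True

if __name__ == "__main__":
    unknown = SenderProfile(solicited=False, any_malicious_or_spam=False, any_false_positives=False)
    msg = Message("Quick favour", "bec", "high", "lookalike.example", False, unknown)
    print("flagged:", bec_from_untrusted_sender(msg))
```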
Categories
  • Identity Management
  • Network
  • Cloud
  • Application
  • Web
Data Sources
  • User Account
  • Web Credential
  • Application Log
  • Network Traffic
  • Process
Created: 2023-01-31