Brand impersonation: Barracuda Networks

Sublime Rules

Summary
This detection rule targets email impersonation attacks aimed at Barracuda Networks, a well-known IT security vendor. Its primary goal is to identify messages in which an attacker impersonates Barracuda Networks by spoofing the sender's display name or email domain. The rule applies several string-matching techniques to the sender's display name to catch variations of 'Barracuda', including case-insensitive matching and Levenshtein distance for slight misspellings. It also checks whether the sender's email domain contains or closely resembles 'barracuda', while explicitly excluding known legitimate Barracuda domains to reduce false positives. The rule then analyzes the sender's profile to identify new or outlier senders and to flag senders with reported malicious activity that has no corresponding false-positive reports. Header and sender analysis are used throughout to strengthen the reliability of the verdict. This rule is relevant to credential phishing attacks that rely on brand impersonation as a social engineering tactic.
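The display-name and domain checks described above, re-implemented as an added example (not the Sublime rule's own code): the allowlist of legitimate domains and the edit-distance threshold of 1 are assumptions, and the sender-profile checks are out of scope here because they need mailbox history.

```python
# Added example, not the Sublime rule source. Re-creates the string-matching part of the
# Barracuda impersonation detection on constructed From headers; the real rule's allowlist
# and Levenshtein threshold are not on the page, so the values below are assumptions.

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insertions, deletions, substitutions) via a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

BRAND = "barracuda"
MAX_DISTANCE = 1                      # assumed misspelling tolerance
LEGIT_DOMAINS = {"barracuda.com"}     # assumed allowlist of legitimate sender domains

def sender_domain(from_address: str) -> str:
    """Lower-cased domain part of an address; returns the whole string if no '@'."""
    return from_address.rsplit("@", 1)[-1].lower()

def display_name_matches(display_name: str) -> bool:
    """True if any display-name token contains 'barracuda' or is a near-misspelling of it."""
    for token in display_name.lower().replace('"', " ").split():
        token = token.strip(".,-()")
        if BRAND in token or levenshtein(token, BRAND) <= MAX_DISTANCE:
            return True
    return False

def domain_suspicious(from_address: str) -> bool:
    """True if the sender domain contains or nearly matches the brand and is not allowlisted."""
    domain = sender_domain(from_address)
    if domain in LEGIT_DOMAINS:
        return False
    first_label = domain.split(".")[0]
    return BRAND in domain or levenshtein(first_label, BRAND) <= MAX_DISTANCE

def is_barracuda_impersonation(display_name: str, from_address: str) -> bool:
    """Verdict: brand in the display name or a lookalike domain, from a non-allowlisted sender."""
    if sender_domain(from_address) in LEGIT_DOMAINS:
        return False  # legitimate Barracuda mail is excluded outright
    return display_name_matches(display_name) or domain_suspicious(from_address)
```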
Categories
  • Network
  • Endpoint
  • Web
  • Application
  • Identity Management
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2023-06-09