
Summary
This inbound rule detects messages that attempt to impersonate a legitimate sender by presenting a fake sender verification banner written with visually confusable characters. It normalizes the main thread body (body.current_thread.text) and each banner text (body.current_thread.banners.*.text) with strings.replace_confusables, then searches the normalized text with the regex This sender has been verified fro(?:m|rn) safe senders list. The fro(?:m|rn) alternation also matches "from" spelled "frorn", where the letter pair "rn" stands in for "m". The rule triggers if the phrase matches in the primary content or in any banner text. It is designed to catch BEC/Fraud and Credential Phishing attempts that employ evasion and social engineering to deceive recipients. The data source is content-driven analysis of message text, and the detection method is Content analysis.
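The normalize-then-match logic described above, as an added Python example that is not the rule's own source: fold_confusables is a small stand-in for strings.replace_confusables, and the look-alike table, function names and sample messages are constructed for illustration. The page does not state regex flags, so the pattern is compiled as written.

```python
import re
import unicodedata

# The phrase regex quoted in the rule summary; "rn" is accepted in place of "m".
BANNER_RE = re.compile(r"This sender has been verified fro(?:m|rn) safe senders list")

# Constructed ASCII -> look-alike table (assumption: a tiny stand-in for the
# data behind strings.replace_confusables, which covers far more characters).
HOMOGLYPHS = {"T": "\u0422", "h": "\u04bb", "i": "\u0456", "s": "\u0455",
              "e": "\u0435", "a": "\u0430", "o": "\u043e"}
TO_ASCII = str.maketrans({v: k for k, v in HOMOGLYPHS.items()})


def fold_confusables(text: str) -> str:
    """NFKC folds fullwidth/styled letters; the table folds Cyrillic look-alikes."""
    return unicodedata.normalize("NFKC", text).translate(TO_ASCII)


def matched_fields(message: dict) -> list:
    """Return the fields (body text, banners[i]) where the folded text matches."""
    thread = message["body"]["current_thread"]
    fields = [("text", thread.get("text") or "")]
    fields += [(f"banners[{i}].text", b.get("text") or "")
               for i, b in enumerate(thread.get("banners") or [])]
    return [name for name, value in fields if BANNER_RE.search(fold_confusables(value))]


# Constructed sample messages, shaped like the fields named in the summary.
PHRASE = "This sender has been verified from safe senders list"
SPOOFED = PHRASE.translate(str.maketrans(HOMOGLYPHS))  # Cyrillic look-alikes
SAMPLES = {
    "homoglyph_body": {"body": {"current_thread": {"text": SPOOFED + "\nInvoice attached."}}},
    "rn_banner": {"body": {"current_thread": {
        "text": "Please review.", "banners": [{"text": PHRASE.replace("from", "frorn")}]}}},
    "fullwidth_body": {"body": {"current_thread": {
        "text": "\uff34\uff48\uff49\uff53" + PHRASE[4:]}}},
    "benign": {"body": {"current_thread": {
        "text": "Verification of your sender address is pending.", "banners": []}}},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        raw_hit = bool(BANNER_RE.search(msg["body"]["current_thread"]["text"]))
        print(f"{name:15} raw_body_match={raw_hit} folded_match={matched_fields(msg)}")
```

The raw_body_match column shows why the folding step comes first: the homoglyph and fullwidth samples only match after normalization.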
Categories
- Endpoint
Data Sources
- Process
Created: 2026-03-03