
COVID-19 themed fraud with sender and reply-to mismatch or compensation award

Sublime Rules

Summary
This rule detects potential Business Email Compromise (BEC) and fraud scams themed around COVID-19 by checking emails for a mismatch between the sender and reply-to addresses, especially when a free email provider is involved. The detection logic looks for specific honorifics together with urgency or request phrases that suggest a solicitation for financial assistance. It examines the email subject and body for mentions of COVID-19 assistance, compensation awards, or related organizations, and for language that indicates a financial claim or award. The rule also excludes trusted sender domains under certain conditions and evaluates the sender's messaging history to identify previously malicious behavior. Together, these checks aim to reduce the risk posed by COVID-19 themed fraud.
Categories
  • Endpoint
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-11-22