
Attachment: Duplicated header pages in fraudulent multi-page PDF Request for Quotation

Sublime Rules

Summary
Detects inbound PDF attachments of 2–3 pages in which the header text of the first page is repeated nearly verbatim on a later page (Levenshtein distance <= 5) and the document contains the RFQ procurement language typical of fraudulent BEC schemes. The rule uses beta OCR to extract the text of each page, captures the first three header lines of page 1, and requires that page 2 or page 3 contain header lines very close to those of page 1. It then requires that at least three of four groups of RFQ-related phrases are present: contact, date and closing details; payment and pricing terms; 80/20 supplier-preference language; and standard signature and purchase-order disclaimers. This combination targets fabricated or manipulated procurement documents used in fraud. The rule relies on optical character recognition, content analysis and file analysis, and classifies detections as BEC/Fraud, with a focus on PDF attachments and document impersonation as a social-engineering lure. Note: it uses beta features (beta.parse_exif, beta.ocr) that may change as those features evolve, and OCR accuracy affects detection quality.
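As an added illustration of the logic described above (this is not the rule's own source, which is not reproduced on this page), the following Python re-implements the two conditions over constructed OCR page text: a line-by-line Levenshtein comparison of page 1's first three header lines against page 2 or 3, and a count of RFQ phrase groups. The phrase lists and the line-by-line comparison are assumptions approximating the summary; the rule's real lists are not on the page.

```python
# Approximations of the four phrase groups the summary names (constructed for
# this example; the rule's actual phrase lists are not on the page).
RFQ_PHRASE_GROUPS = [
    ["contact person", "closing date", "quotation date"],
    ["payment terms", "unit price", "total price"],
    ["80/20"],
    ["authorized signature", "not a purchase order"],
]

def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute cost 1 (two-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def header_lines(page_text: str, n: int = 3) -> list[str]:
    """First n non-empty OCR lines of a page, whitespace-normalised."""
    return [" ".join(l.split()) for l in page_text.splitlines() if l.strip()][:n]

def headers_match(first: list[str], other: list[str], max_dist: int) -> bool:
    """Assumption: each header line is compared with its counterpart on the other page."""
    return len(first) == len(other) and all(levenshtein(a, b) <= max_dist for a, b in zip(first, other))

def rfq_groups_hit(text: str) -> int:
    t = text.lower()
    return sum(any(p in t for p in g) for g in RFQ_PHRASE_GROUPS)

def detect(pages: list[str], max_dist: int = 5, min_groups: int = 3) -> bool:
    """True when a 2-3 page document repeats page 1's header and reads like an RFQ."""
    if not 2 <= len(pages) <= 3:
        return False
    first = header_lines(pages[0])
    # Either page 2 or page 3 may carry the duplicated header.
    duplicated = any(headers_match(first, header_lines(p), max_dist) for p in pages[1:])
    return bool(first) and duplicated and rfq_groups_hit("\n".join(pages)) >= min_groups

# Constructed OCR output: page 2 repeats the page-1 header with small OCR noise
# (I->l, l->1, 0->O), which is exactly the tolerance the edit-distance threshold buys.
SAMPLE_PAGES = [
    "ACME Industrial Supply Ltd\nRequest for Quotation\nRFQ No. 2024-0117\n"
    "Contact person: J. Doe\nClosing date: 30 June\nPayment terms: 30 days after delivery",
    "ACME lndustrial Supp1y Ltd\nRequest for Quotation\nRFQ No. 2024-O117\n"
    "Unit price must be quoted in USD. This document is not a purchase order.",
]
```

Running `detect(SAMPLE_PAGES)` returns True because three of the four phrase groups are present and every header line of page 2 is within five edits of page 1's.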
Categories
  • Endpoint
Data Sources
  • File
Created: 2026-06-26