
Brand impersonation: FedEx

Sublime Rules

Summary
This rule detects potential brand impersonation attacks targeting the FedEx shipping provider, particularly through email. The primary focus is on analyzing the display names and email domains of incoming messages. The detection uses several conditions to identify fraudulent attempts: it checks for common variations of 'FedEx' in the sender's display name and applies Levenshtein distance to catch minor typos or alterations of the name. It then assesses the sender's domain, excluding known legitimate domains (such as 'fedex.com' and 'sedex.com'); messages from high-trust sender domains are also excluded, unless they fail DMARC authentication. To avoid previously identified false positives, the rule also consults sender profiles to check whether the message was solicited. By combining header and sender analysis, this detection rule aims to mitigate the risks of credential phishing, impersonation tactics and look-alike domains, thereby strengthening email security against social engineering campaigns targeting FedEx customers.
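The summary above describes the rule's logic in prose. The following Python sketch is an added example, not the Sublime rule itself, showing how those checks fit together when run over a few constructed messages: a display-name match for 'fedex' variants backed by Levenshtein distance, an allowlist of legitimate root domains, a high-trust exemption that is revoked when DMARC fails, and a sender-profile check for solicited mail. The high-trust list, the solicited-sender set, the `Message` fields and the naive `root_domain` helper are assumptions for illustration; the real rule's lists and header fields differ.

```python
import re
from dataclasses import dataclass

# Domains named in the rule summary as legitimate FedEx senders.
LEGITIMATE_ROOT_DOMAINS = {"fedex.com", "sedex.com"}
# Hypothetical high-trust sender domains (constructed for this example).
HIGH_TRUST_ROOT_DOMAINS = {"example-partner.com"}
# Hypothetical sender-profile data: addresses the recipient has solicited mail from.
SOLICITED_SENDERS = {"newsletter@example-partner.com"}


@dataclass
class Message:
    """Minimal view of the header fields the checks need (constructed shape)."""
    display_name: str
    sender_email: str
    dmarc_pass: bool


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def root_domain(email: str) -> str:
    """Naive root domain: last two labels. A real implementation would use the public suffix list."""
    domain = email.rsplit("@", 1)[-1].lower()
    return ".".join(domain.split(".")[-2:])


def display_name_resembles_fedex(name: str) -> bool:
    """True when the display name contains 'fedex' (ignoring punctuation and spacing)
    or any token is within one edit of it (catches 'Fedx', 'F3dEx', 'FedEx.')."""
    lowered = name.lower()
    compact = re.sub(r"[^a-z0-9]", "", lowered)
    if "fedex" in compact:
        return True
    return any(
        token and levenshtein(token, "fedex") <= 1
        for token in re.split(r"[^a-z0-9]+", lowered)
    )


def is_fedex_impersonation(msg: Message) -> bool:
    """Apply the rule's conditions in the order the summary describes."""
    if not display_name_resembles_fedex(msg.display_name):
        return False
    domain = root_domain(msg.sender_email)
    if domain in LEGITIMATE_ROOT_DOMAINS:
        return False                      # genuine FedEx infrastructure
    if domain in HIGH_TRUST_ROOT_DOMAINS and msg.dmarc_pass:
        return False                      # trusted domain, and DMARC confirms it
    if msg.sender_email.lower() in SOLICITED_SENDERS:
        return False                      # recipient asked for mail from this sender
    return True


if __name__ == "__main__":
    # Constructed sample messages exercising each branch.
    samples = [
        Message("FedEx Delivery", "notify@fedex.com", True),
        Message("FedEx Delivery", "notify@fedex-tracking.example", True),
        Message("Fedx Shipping", "alerts@parcel.example", False),
        Message("FedEx Billing", "invoices@example-partner.com", True),
        Message("FedEx Billing", "invoices@example-partner.com", False),
        Message("Federal Express Updates", "news@parcel.example", True),
    ]
    for m in samples:
        print(f"{is_fedex_impersonation(m)!s:5}  {m.display_name!r:28} {m.sender_email}")
```

The DMARC clause matters: a spoofed message that merely claims a trusted domain in its From header will not pass DMARC, so the trust exemption never applies to it. The per-token Levenshtein threshold of one edit is a judgement call; widening it catches more lookalikes but starts to match unrelated words, so it belongs next to the domain and sender-profile exclusions rather than on its own.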
Categories
  • Identity Management
  • Endpoint
  • Network
Data Sources
  • User Account
  • Network Traffic
Created: 2021-02-19