
Summary
This rule flags inbound PDF attachments that may be credential phishing attempts impersonating Adobe services (Adobe Acrobat Sign). It triggers when an attachment is a PDF and shows Adobe branding through either of two signals: (1) image-based branding, where a logo recognition process detects an Adobe brand, or (2) OCR-extracted text containing phrases like “Powered by Adobe Acrobat Sign” or “Adobe Acrobat Sign.” In addition, the OCR text must explicitly include the indicator “File Format: PDF,” which suggests a document crafted to resemble legitimate Adobe documents. All conditions are evaluated against inbound attachments, and a high-severity alert is generated when they are met. By combining brand impersonation signals with a PDF format cue, the rule identifies fraudulent documents that imitate Adobe services. Detection methods include Computer Vision (logo/branding analysis), Optical Character Recognition (text extraction from the PDF), and general File analysis to assess the attachment content.
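The condition structure described in the summary, as an added Python sketch (not the rule's own source): PDF, plus either branding signal, plus the format marker. The `Attachment` record, its field names, the brand label match and the case and whitespace folding are assumptions; the phrases and the marker are the ones quoted in the summary, and the samples are constructed.

```python
import re
from dataclasses import dataclass, field

# Phrases and marker quoted in the rule summary, lower-cased for matching.
BRAND_PHRASES = ("powered by adobe acrobat sign", "adobe acrobat sign")
FORMAT_MARKER = "file format: pdf"

@dataclass
class Attachment:
    # Hypothetical record of what the analysis stages produced for one file.
    file_type: str                                   # e.g. "pdf"
    logo_brands: list = field(default_factory=list)  # labels from logo recognition
    ocr_text: str = ""                               # text extracted by OCR

def normalize(text):
    # OCR output has irregular case and line breaks; fold both before matching.
    # Assumption of this sketch: the summary does not say how text is compared.
    return re.sub(r"\s+", " ", text).strip().lower()

def evaluate(att):
    """Return (matched, signals) for one inbound attachment."""
    signals = []
    if att.file_type.lower() != "pdf":
        return False, signals
    text = normalize(att.ocr_text)
    # Assumed label format: a brand name beginning with "Adobe".
    if any(b.lower().startswith("adobe") for b in att.logo_brands):
        signals.append("logo")
    if any(p in text for p in BRAND_PHRASES):
        signals.append("ocr_brand")
    if FORMAT_MARKER in text:
        signals.append("format_marker")
    branded = "logo" in signals or "ocr_brand" in signals
    # Branding alone is not enough: the format marker is mandatory.
    return branded and "format_marker" in signals, signals

# Constructed samples, not real messages.
SAMPLES = {
    "lure_text": Attachment("pdf", [], "Powered by\nAdobe Acrobat Sign\nFile Format:  PDF\nReview document"),
    "lure_logo": Attachment("pdf", ["Adobe"], "File Format: PDF  Click to view"),
    "no_marker": Attachment("pdf", ["Adobe"], "Adobe Acrobat Sign agreement attached"),
    "not_pdf": Attachment("docx", ["Adobe"], "Adobe Acrobat Sign File Format: PDF"),
    "unbranded": Attachment("pdf", ["Microsoft"], "File Format: PDF invoice"),
}

if __name__ == "__main__":
    for name, att in SAMPLES.items():
        print(name, *evaluate(att))
```

Returning the matched signals alongside the verdict shows an analyst why a file fired, or which condition it missed, as in the `no_marker` sample.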
Categories
- Endpoint
Data Sources
- File
- Image
- Process
Created: 2026-06-02