
Summary
This rule detects fraudulent activity by a group that registers domains, primarily through Namecheap, that resemble those of legitimate brands. The lookalike domains append common corporate suffixes such as LLC, LTD, Inc, or Corp to the brand name to deceive individuals and organizations. The group uses Namecheap's private email service to send fraudulent quote requests that may seem legitimate. Following these requests, they attempt to order goods on credit; the goods are typically shipped to freight forwarders for onward delivery to high-risk regions, specifically Western Africa. Because regulations around cash transactions in such areas are tightening, these attackers are shifting their focus to acquiring physical goods directly. To mitigate the risk, recipients of flagged messages should rigorously validate the authenticity of the sender and confirm credit details before proceeding with any transaction.
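As an added illustration of the domain pattern this summary describes (it is not the rule's own logic), the Python below flags sender domains formed from a known brand name plus one of the listed corporate suffixes. The brand list, the function name, the sample addresses and the `privateemail.com` MX check are assumptions made for this example.

```python
# Added example: flag sender domains of the form <brand><corporate suffix>.
# Corporate suffixes named in the rule summary.
CORPORATE_SUFFIXES = ("llc", "ltd", "inc", "corp")

# Constructed sample data: brands to protect and their legitimate domains.
KNOWN_BRANDS = {
    "contoso": {"contoso.com"},
    "fabrikam": {"fabrikam.com"},
}

# Assumption: Namecheap Private Email mailboxes use MX hosts under this name.
NAMECHEAP_MX_SUFFIX = ".privateemail.com"


def check_sender(sender, mx_hosts=()):
    """Return a finding dict if the sender domain looks like brand+suffix.

    mx_hosts is the already-resolved MX host list for the sender domain,
    passed in so the check runs offline. The label to the left of the
    TLD is used, so multi-part TLDs such as co.uk are not handled here.
    """
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return None

    # Never flag a brand's own domains or their subdomains.
    for legit in KNOWN_BRANDS.values():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            return None

    # "contoso-llc" and "contosollc" are treated the same.
    compact = labels[-2].replace("-", "")
    for brand in KNOWN_BRANDS:
        for suffix in CORPORATE_SUFFIXES:
            if compact == brand + suffix:
                return {
                    "domain": domain,
                    "brand": brand,
                    "suffix": suffix,
                    "namecheap_private_email": any(
                        h.lower().rstrip(".").endswith(NAMECHEAP_MX_SUFFIX)
                        for h in mx_hosts
                    ),
                }
    return None
```

A match on the domain pattern alone is a lead for the manual validation the summary calls for; the MX signal only raises its priority.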
Categories
- Web
- Cloud
- Identity Management
- Other
Data Sources
- Domain Name
- User Account
- Network Traffic
- Application Log
Created: 2024-09-10