
Service abuse: Demio notifications with suspicious content patterns

Sublime Rules

Summary
Detects inbound notifications from the Demio service that contain suspicious content patterns in the subject line. The rule matches messages where sender.email.email equals 'notifications@demio.com' and applies multiple content checks on subject.base. Checks include phone number patterns in various formats, dollar or USD amounts, suspicious top-level domains, explicit content lures, and long action-oriented subjects. The checks use case-insensitive matching and confusable character handling to catch obfuscated text. Any match triggers a Spam alert and maps to social engineering and impersonation by brand techniques, using sender analysis and content analysis as detection methods.
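The following Python script is an added illustration of the detection logic the summary describes, written for this page; it is not the Sublime rule itself and does not reproduce its MQL. The sender address comes from the summary above; the confusable map, the suspicious TLD and lure wordlists, the regexes, and the 60-character "long subject" threshold are all constructed assumptions. The sample subjects are likewise constructed, not real Demio notifications.

```python
import re

# Sender the rule keys on (taken from the rule summary).
DEMIO_SENDER = "notifications@demio.com"

# Constructed confusable map: a few Cyrillic homoglyphs plus digit-for-letter
# swaps. Assumption for illustration; the real rule's handling is not reproduced.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0455": "s", "\u0456": "i", "\u04bb": "h", "\u0443": "y", "\u0445": "x",
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
})

# Constructed wordlists and threshold (assumptions, not the rule's values).
SUSPICIOUS_TLDS = ("xyz", "top", "icu", "cam", "click", "zip")
EXPLICIT_LURES = ("xxx", "nude", "adult content", "sexy")
ACTION_VERBS = ("urgent", "act now", "verify", "confirm", "claim", "call", "respond")
LONG_SUBJECT_CHARS = 60

# Phone numbers with optional country code and (), space, dot or dash separators.
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# "$2,500", "$ 19.99", "500 usd", "1,000usd".
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?|\b\d[\d,]*(?:\.\d{2})?\s?usd\b")
TLD_RE = re.compile(r"\b[\w-]+\.(?:%s)\b" % "|".join(SUSPICIOUS_TLDS))
ACTION_RE = re.compile(r"\b(?:%s)\b" % "|".join(re.escape(v) for v in ACTION_VERBS))


def normalize(text: str) -> str:
    """Casefold and fold confusables so obfuscated subjects still hit the wordlists."""
    return text.casefold().translate(CONFUSABLES)


def subject_checks(subject: str) -> list[str]:
    """Return the names of the content checks that fire on one subject line."""
    raw = subject.casefold()   # digits and '$' must survive for the phone/amount checks
    norm = normalize(subject)  # wordlist and domain checks run on the de-obfuscated form
    hits = []
    if PHONE_RE.search(raw):
        hits.append("phone_number")
    if AMOUNT_RE.search(raw):
        hits.append("currency_amount")
    if TLD_RE.search(norm):
        hits.append("suspicious_tld")
    if any(lure in norm for lure in EXPLICIT_LURES):
        hits.append("explicit_lure")
    if len(subject) >= LONG_SUBJECT_CHARS and ACTION_RE.search(norm):
        hits.append("long_action_subject")
    return hits


def evaluate(sender_email: str, subject: str) -> list[str]:
    """Emulate the rule: only Demio-originated mail is examined; any hit is a Spam verdict."""
    if sender_email.casefold() != DEMIO_SENDER:
        return []
    return subject_checks(subject)


# Constructed sample notifications (not real Demio mail).
SAMPLES = [
    ("notifications@demio.com", "Reminder: Your webinar starts in 1 hour"),
    ("notifications@demio.com", "Call (555) 123-4567 to release your $2,500 refund"),
    ("notifications@demio.com",
     "Urgent: confirm your account now or lose access to the session recording today"),
    ("notifications@demio.com", "Claim your prize at free-gift.xyz"),
    ("notifications@demio.com", "\u0430dult c\u043ent\u0435nt waiting for you"),
    ("noreply@example.org", "Call (555) 123-4567 to release your $2,500 refund"),
]

if __name__ == "__main__":
    for sender, subject in SAMPLES:
        hits = evaluate(sender, subject)
        print(f"{'SPAM' if hits else 'pass':4} {subject!r} {hits}")
```

The split between `raw` and `norm` matters: folding `5` to `s` or `$` away before the phone and currency checks would blind exactly the patterns those checks look for, so the confusable folding is applied only to the wordlist and domain checks. The last sample shows the sender gate: an identical lure from another sender is out of scope for this rule.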
Categories
  • Endpoint
Data Sources
  • Network Traffic
  • Application Log
Created: 2026-05-12