Attachment: ICS calendar file with base64 encoded recipient address in URL parameters

Sublime Rules

Summary
Detects inbound emails with ICS calendar attachments whose event links contain multiple URL query parameters, where the base64-decoded concatenation of the decoded query parameters matches the recipient's email address. The rule leverages a beta ICS parsing feature to extract ICS events and links, inspects links with more than one query parameter, and concatenates up to several decoded query_param values from the display URL. If the resulting string equals the target recipient's email (recipients.to[0].email.email), it signals credential phishing or targeted social engineering via personalized calendar links. This technique can be used to track or lure specific targets and may bypass generic defenses by hosting phishing URLs inside calendar invites. Detection focuses on file analysis (ICS attachments), URL analysis (query parameters and base64 decoding), and content analysis of the URL and ICS content. The rule is marked high severity and aligns with credential phishing and ICS phishing tactics.
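The detection logic the summary describes, as an added Python example (not the rule's own source, which this page does not show): links are pulled from the ICS text with a regex rather than the beta ICS parser, query parameter values are URL-decoded, concatenated, base64-decoded and compared to the recipient. The ICS content, recipient address and URL are constructed for the example.

```python
import base64
import re
from urllib.parse import parse_qsl, quote, urlparse

# Constructed sample: the recipient address, base64-encoded and split across
# three URL-encoded query parameters inside a calendar event link.
RECIPIENT = "alice@example.com"
_ENC = base64.b64encode(RECIPIENT.encode()).decode()  # 'YWxpY2VAZXhhbXBsZS5jb20='
SAMPLE_URL = "https://example.invalid/p?s=%s&t=%s&u=%s" % (
    quote(_ENC[:8], safe=""), quote(_ENC[8:16], safe=""), quote(_ENC[16:], safe=""))
SAMPLE_ICS = f"""BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Quarterly review
DESCRIPTION:Confirm attendance here {SAMPLE_URL}
END:VEVENT
END:VCALENDAR
"""

def extract_links(ics_text):
    """Unfold ICS continuation lines (CRLF + space/tab), then find http(s) URLs."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)
    return re.findall(r"https?://[^\s<>\"']+", unfolded)

def decoded_params_concat(url, max_params=5):
    """Concatenate the URL-decoded values of the first few query params.
    Returns None for links with fewer than two params (the rule only inspects
    links carrying more than one)."""
    values = [v for _, v in parse_qsl(urlparse(url).query, keep_blank_values=True)]
    if len(values) < 2:
        return None
    return "".join(values[:max_params])

def b64_decode_lenient(s):
    """Base64-decode, tolerating missing padding; None if not valid base64/UTF-8."""
    s = s + "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def matches_recipient(ics_text, recipient):
    """Return the first event link whose decoded params spell the recipient, else None."""
    for url in extract_links(ics_text):
        joined = decoded_params_concat(url)
        if joined is None:
            continue
        decoded = b64_decode_lenient(joined)
        if decoded is not None and decoded.strip().lower() == recipient.lower():
            return url
    return None
```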
Categories
  • Endpoint
Data Sources
  • File
  • Network Traffic
Created: 2026-05-13