
Service Abuse: Dropbox Share with Suspicious Sender or Document Name

Sublime Rules

Summary
This detection rule identifies suspicious file-sharing activity through Dropbox by analyzing inbound messages that indicate a file has been shared. It combines several conditions: it first assesses whether the message genuinely comes from Dropbox's sending infrastructure, then looks for phrases in the subject line that suggest a phishing or fraud attempt. The rule checks that the email originates from a trusted Dropbox sender address and passed the relevant SPF and DMARC checks. It then inspects the subject line for the share-notification keywords 'shared' and 'with you', together with commonly abused business-process terms (e.g., finance, compliance, HR) that attackers frequently use to lure victims. Additional patterns cover references to files, invoices, and contracts, and typical phishing themes such as urgency or verification codes. By combining sender analysis, header evaluation, and subject-line content examination, the rule flags messages consistent with BEC (Business Email Compromise) and phishing attacks that abuse a legitimate sharing service.
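The three-part logic the summary describes (authenticated Dropbox sender, share-notification phrasing, and an abused business/document/lure term in the subject) is shown below as an added Python example. It is not the Sublime rule itself and not Sublime's MQL; the term lists, the sender-domain regex, the Message structure and the sample messages are all constructed for illustration and do not reproduce the rule's actual conditions. The point worth noticing is that the sender leg requires SPF and DMARC to pass: the rule targets abuse of the real service, where authentication succeeds, rather than spoofed Dropbox mail.

```python
import re
from dataclasses import dataclass

# Constructed term lists for this example; the real rule's lists are not reproduced here.
BUSINESS_TERMS = ("finance", "compliance", "hr", "payroll", "accounting", "legal")
DOCUMENT_TERMS = ("file", "files", "invoice", "contract", "document", "statement")
LURE_TERMS = ("urgent", "action required", "verification code", "verify", "immediately")


def _term_re(terms):
    # Word-boundary matching so a short term such as "hr" does not fire inside "Three".
    return re.compile(r"\b(?:" + "|".join(re.escape(t) for t in terms) + r")\b", re.IGNORECASE)


BUSINESS_RE = _term_re(BUSINESS_TERMS)
DOCUMENT_RE = _term_re(DOCUMENT_TERMS)
LURE_RE = _term_re(LURE_TERMS)
# Dropbox share notifications read like 'Alice shared "X" with you'.
SHARE_RE = re.compile(r"\bshared\b.*\bwith you\b", re.IGNORECASE | re.DOTALL)
# Hypothetical sender check: the dropbox.com domain or a subdomain of it.
DROPBOX_SENDER_RE = re.compile(r"^[^@\s]+@(?:[\w-]+\.)*dropbox\.com$", re.IGNORECASE)


@dataclass
class Message:
    """Minimal constructed view of an inbound message: sender plus parsed auth results."""
    sender: str
    subject: str
    spf: str    # authentication result as parsed from headers, e.g. "pass" or "fail"
    dmarc: str


def is_trusted_dropbox_sender(msg):
    # Leg 1: mail that really left Dropbox's infrastructure passes SPF and DMARC.
    return (DROPBOX_SENDER_RE.match(msg.sender) is not None
            and msg.spf.lower() == "pass"
            and msg.dmarc.lower() == "pass")


def suspicious_subject_terms(subject):
    # Leg 3: collect every abused business, document or lure term, in scan order.
    hits = []
    for label, rx in (("business", BUSINESS_RE), ("document", DOCUMENT_RE), ("lure", LURE_RE)):
        for m in rx.finditer(subject):
            hits.append((label, m.group(0).lower()))
    return hits


def evaluate(msg):
    """Return (flagged, reasons). All three legs must hold, mirroring the rule's structure."""
    if not is_trusted_dropbox_sender(msg):
        return False, ["sender is not authenticated Dropbox infrastructure"]
    if not SHARE_RE.search(msg.subject):           # Leg 2: share-notification phrasing
        return False, ["subject lacks 'shared ... with you' phrasing"]
    hits = suspicious_subject_terms(msg.subject)
    if not hits:
        return False, ["no abused business/document/lure term in subject"]
    return True, [f"{label}:{term}" for label, term in hits]


# Constructed sample messages; addresses and subjects are invented.
SAMPLE_MESSAGES = [
    Message("no-reply@dropbox.com", 'Finance Team shared "Invoice 4471.pdf" with you', "pass", "pass"),
    Message("no-reply@dropbox.com", 'Alice shared "vacation photos" with you', "pass", "pass"),
    Message("alerts@example.test", 'HR shared "Payroll Contract" with you', "pass", "pass"),
    Message("no-reply@dropbox.com", 'Compliance shared "Verification code required" with you', "pass", "fail"),
    Message("no-reply@dropbox.com", "Three files shared with you: Urgent contract", "pass", "pass"),
]


def run_samples():
    """Map each sample subject to its verdict, for a quick look at the rule's behaviour."""
    return {m.subject: evaluate(m)[0] for m in SAMPLE_MESSAGES}


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        flagged, reasons = evaluate(m)
        print(("FLAG " if flagged else "pass ") + m.subject + "  <- " + ", ".join(reasons))
```

Of the five constructed samples only the first and last are flagged: the second is a benign share, the third is not from Dropbox, and the fourth fails DMARC and so falls to whatever spoofing rule covers it rather than to this service-abuse rule.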
Categories
  • Cloud
  • Web
  • Identity Management
Data Sources
  • Service
  • User Account
Created: 2024-11-25