
Summary
This detection rule identifies potential brand impersonation attacks targeting Fastway Couriers, a delivery service operating in Ireland and South Africa. It looks for inbound messages whose sender display name contains 'fastway' or closely resembles 'fastway couriers' (Levenshtein distance of 1 or less). To reduce false positives, the rule excludes messages from highly trusted domains that pass DMARC authentication, and it requires that the sender profile has no benign history and no solicited messages, so that the detection targets suspicious sender behaviour rather than established correspondents. The rule rates the threat as medium severity and covers credential phishing attacks that rely on brand impersonation, lookalike domains, and social engineering. Sender analysis is the detection method, used to identify potentially harmful emails that mimic a trusted brand.
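As an added illustration of the matching logic described above (not the rule's own code or its query language), the following Python sketch applies the display-name test and both exclusions to a handful of constructed messages; the Message fields and the sample domains are assumptions.

```python
from dataclasses import dataclass

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

@dataclass
class Message:
    """Constructed message attributes; the field names are assumptions."""
    display_name: str
    high_trust_domain: bool   # sender domain is on a high-trust list
    dmarc_pass: bool          # message passed DMARC authentication
    benign_history: bool      # sender profile has prior benign traffic
    solicited: bool           # recipient previously solicited mail from sender
    inbound: bool = True

def impersonates_fastway(display_name: str) -> bool:
    """True if the name contains 'fastway' or is within edit distance 1 of the brand."""
    name = " ".join(display_name.lower().split())   # normalise case and spacing
    return "fastway" in name or levenshtein(name, "fastway couriers") <= 1

def matches_rule(msg: Message) -> bool:
    """Brand match on the display name minus the two false-positive exclusions."""
    if not msg.inbound or not impersonates_fastway(msg.display_name):
        return False
    if msg.high_trust_domain and msg.dmarc_pass:   # trusted and authenticated sender
        return False
    if msg.benign_history or msg.solicited:        # known-good sender profile
        return False
    return True

# Constructed samples: exact brand, trusted+DMARC, one-character typo, no match, benign history.
SAMPLES = [
    Message("Fastway Couriers", False, False, False, False),
    Message("Fastway Couriers", True, True, False, False),
    Message("Fastwey Couriers", False, False, False, False),
    Message("Fast Way Deliveries", False, False, False, False),
    Message("Fastway Couriers", False, True, True, False),
]

def evaluate(samples=SAMPLES) -> list:
    """Return (display name, rule fired?) for each sample message."""
    return [(m.display_name, matches_rule(m)) for m in samples]
```

Only the first and third samples fire: the exact brand name from an untrusted sender, and the one-character lookalike; the trusted DMARC-passing sender, the non-matching name, and the sender with benign history are all excluded.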
Categories
- Endpoint
- Network
- Cloud
- Identity Management
- Web
Data Sources
- User Account
- Web Credential
Created: 2025-09-13