
Summary
This detection rule identifies potentially malicious inbound messages that link to PDF documents hosted on Adobe Acrobat and that exhibit common characteristics of phishing lures. Key indicators are a document containing minimal text, the presence of a brand logo (notably from recognizable companies such as DocuSign or Adobe), and a sender email domain other than 'adobe.com'. The rule combines several analytical techniques, Optical Character Recognition (OCR) of the linked document, URL analysis, and header examination, to confirm the suspicious aspects of the message. Specifically, it verifies that the document is a single page and checks for unusual branding or for text indicative of a phishing attempt. Because the link itself points at a legitimate Adobe domain, URL reputation alone will not flag the message; it is the combination of a trusted hosting domain, an unrelated sender domain and a near-empty branded document that identifies this form of credential phishing delivered through a multistage attack.
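The following Python is an added example, not the rule itself or code from the page's author; it models the decision logic described above over constructed sample messages. The OCR output, page count and logo-detection results are assumed to have been produced upstream and are embedded as fields; the Acrobat host list, the lure-phrase list, the word-count threshold and the sample messages are all assumptions made for illustration.

```python
from dataclasses import dataclass
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosts treated as "Adobe Acrobat-hosted" document links (assumed list for this example).
ACROBAT_HOSTS = {"acrobat.adobe.com", "documentcloud.adobe.com"}
# Brand logos whose presence in a near-empty PDF is treated as a lure (assumed list).
LURE_BRANDS = {"docusign", "adobe"}
# Phrases taken as "text indicative of phishing" in the OCR output (assumed list).
LURE_PHRASES = ("review and sign", "view document", "sign in to view")
# OCR word count at or below which the document counts as "minimal text" (assumed value).
MAX_WORDS = 40


@dataclass
class LinkedPdf:
    url: str          # link found in the message body
    page_count: int   # from the fetched document's metadata
    ocr_text: str     # OCR output for the rendered pages
    logos: list       # brand names reported by a logo detector


@dataclass
class Message:
    from_header: str
    linked_pdfs: list


def sender_domain(from_header: str) -> str:
    """Domain of the From: address, taken from the header's address part only."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_adobe_sender(domain: str) -> bool:
    # adobe.com itself or any of its subdomains is treated as the legitimate sender.
    return domain == "adobe.com" or domain.endswith(".adobe.com")


def is_acrobat_link(url: str) -> bool:
    # Exact hostname match: a lookalike such as acrobat.adobe.com.evil.example does not qualify.
    host = (urlparse(url).hostname or "").lower()
    return host in ACROBAT_HOSTS


def document_reasons(pdf: LinkedPdf) -> list:
    """Indicators observed on one linked document; empty list means it looks benign."""
    reasons = []
    if pdf.page_count == 1:
        reasons.append("single page")
    if len(pdf.ocr_text.split()) <= MAX_WORDS:
        reasons.append("minimal text")
    brands = {b.lower() for b in pdf.logos} & LURE_BRANDS
    if brands:
        reasons.append("brand logo: " + ", ".join(sorted(brands)))
    text = pdf.ocr_text.lower()
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("lure phrase in OCR text")
    return reasons


def evaluate(msg: Message) -> dict:
    """Rule verdict: sender is not Adobe AND some Acrobat-hosted link leads to a
    single-page, low-text document that carries a lure brand logo or lure text."""
    domain = sender_domain(msg.from_header)
    if is_adobe_sender(domain):
        return {"match": False, "sender_domain": domain, "reasons": ["sender is adobe.com"]}
    for pdf in msg.linked_pdfs:
        if not is_acrobat_link(pdf.url):
            continue
        reasons = document_reasons(pdf)
        required = {"single page", "minimal text"}
        has_lure = any(r.startswith("brand logo") or r.startswith("lure phrase") for r in reasons)
        if required.issubset(reasons) and has_lure:
            return {"match": True, "sender_domain": domain, "url": pdf.url, "reasons": reasons}
    return {"match": False, "sender_domain": domain, "reasons": []}


# Constructed sample messages (not real mail) covering the match and the three main non-matches.
SAMPLE_PHISH = Message(
    from_header="DocuSign <no-reply@mail-notify.example>",
    linked_pdfs=[LinkedPdf("https://acrobat.adobe.com/link/review?uri=constructed-sample",
                           1, "DocuSign  Review and sign your document", ["DocuSign"])],
)
SAMPLE_FROM_ADOBE = Message(
    from_header="Adobe Acrobat <message@adobe.com>",
    linked_pdfs=[LinkedPdf("https://acrobat.adobe.com/link/review?uri=constructed-sample",
                           1, "Review and sign your document", ["Adobe"])],
)
SAMPLE_REAL_DOCUMENT = Message(
    from_header="Finance <ap@vendor.example>",
    linked_pdfs=[LinkedPdf("https://acrobat.adobe.com/link/review?uri=constructed-sample",
                           12, "invoice line " * 300, [])],
)
SAMPLE_OTHER_HOST = Message(
    from_header="DocuSign <no-reply@mail-notify.example>",
    linked_pdfs=[LinkedPdf("https://acrobat.adobe.com.evil.example/review",
                           1, "Review and sign your document", ["DocuSign"])],
)

if __name__ == "__main__":
    for name, sample in [("phish", SAMPLE_PHISH), ("from adobe", SAMPLE_FROM_ADOBE),
                         ("real document", SAMPLE_REAL_DOCUMENT), ("other host", SAMPLE_OTHER_HOST)]:
        print(name, evaluate(sample))
```

The lookalike sample is deliberately excluded rather than flagged: a link whose hostname merely contains `acrobat.adobe.com` is outside this rule's scope and belongs to a generic lookalike-domain rule, which keeps this rule's matches explainable by the three document indicators plus the sender-domain check.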
Categories
- Web
- Cloud
- Endpoint
Data Sources
- User Account
- Web Credential
- Network Traffic
- Process
Created: 2025-04-15