
Summary
This rule detects potential romance scams, a specific type of Business Email Compromise (BEC) fraud in which scammers feign romantic interest in their victims to gain trust and exploit them financially. It combines several indicators found in email communication:
- Links: the message has no links, or a single link that does not match the sender's domain.
- Attachments: the message has no attachments.
- Display name: the sender's display name contains specific honorific titles, reflecting the personal approach often used in these scams.
- Body content: the body contains an email address and a freemail domain, which are common in scam correspondence.
- Phrases: the body contains common phrases associated with scams, including references to personal information or vague entreaties for contact.
- Sender profile: the sender's prevalence is analyzed for suspicious behavior, concentrating on new or outlier profiles, or profiles with any malicious messages and no false positives.
Together, these elements identify potential romance scams and help mitigate the associated risks.
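The indicator combination described in the summary, sketched in Python as an added example (not the rule's own source). The honorific, freemail and phrase lists, the `sender_profile` fields and the requirement that every indicator hold are assumptions, and the sample messages are constructed.

```python
import re

# Assumed lists: the summary names these indicator classes, not their contents.
HONORIFICS = ("mr", "mrs", "ms", "miss", "dr")
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
PHRASES = ("tell me about yourself", "get to know you", "write me back")
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
LINK_RE = re.compile(r"https?://([^/\s:]+)", re.I)
HONORIFIC_RE = re.compile(r"\s*(?:%s)\b" % "|".join(HONORIFICS), re.I)

def indicators(msg):
    """Evaluate each indicator from the summary against one message dict."""
    sender_domain = msg["from_addr"].rsplit("@", 1)[-1].lower()
    body = msg["body"].lower()
    hosts = LINK_RE.findall(body)
    # A link "matches" when its host is the sender domain or a subdomain of it.
    mismatched = [h for h in hosts
                  if h != sender_domain and not h.endswith("." + sender_domain)]
    prof = msg["sender_profile"]  # hypothetical enrichment fields
    return {
        "links": not hosts or (len(hosts) == 1 and len(mismatched) == 1),
        "no_attachments": not msg["attachments"],
        "honorific": bool(HONORIFIC_RE.match(msg["display_name"])),
        "freemail_in_body": any(d in FREEMAIL for d in EMAIL_RE.findall(body)),
        "phrase": any(p in body for p in PHRASES),
        "sender": prof["prevalence"] in ("new", "outlier")
                  or (prof["malicious"] and not prof["false_positive"]),
    }

def is_romance_scam(msg):
    """Assumption: flag only when every indicator holds."""
    return all(indicators(msg).values())

# Constructed sample messages, not real mail.
SCAM = {"display_name": "Miss Anna Petrova", "from_addr": "anna@mailer.example",
        "body": "Hello dear, I want to get to know you. Write to anna.p@gmail.com.",
        "attachments": [],
        "sender_profile": {"prevalence": "new", "malicious": False, "false_positive": False}}
NEWSLETTER = {"display_name": "Example Store", "from_addr": "news@store.example",
              "body": "Sale today: https://shop.store.example/deals and https://store.example/x",
              "attachments": [],
              "sender_profile": {"prevalence": "common", "malicious": False, "false_positive": False}}

if __name__ == "__main__":
    for m in (SCAM, NEWSLETTER):
        print(m["display_name"], is_romance_scam(m), indicators(m))
```

Returning the per-indicator dictionary alongside the verdict lets an analyst see which condition kept a borderline message from matching.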
Categories
- Web
- Endpoint
Data Sources
- User Account
- Application Log
Created: 2023-11-22