
Summary
This detection rule targets brand impersonation of the Toronto-Dominion Bank (TD Bank) and its associated brands, such as TD Canada Trust. It flags messages whose sender display name closely resembles 'TD Bank' or 'TD Canada Trust', comparing the name with Levenshtein distance so that minor misspellings and character substitutions are still caught. A computer-vision model checks message screenshots for TD logos and contributes to the verdict only at high confidence scores. The message body and screenshot text are then analyzed with natural language understanding for topics and intents associated with security alerts, authentication, or credential theft; content classified as entertainment, newsletters, or other irrelevant material is excluded. To suppress false positives from legitimate mail, the sender domain is compared against known TD domains and high-trust sender lists, and mail from those sources is not flagged. By combining header analysis, natural language understanding, and computer vision, the rule raises the precision of its phishing verdicts over any single signal.
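The display-name, sender-domain and content checks described above, as an added example that is not the rule's own logic or code. The machine-learning logo detection and the NLU topic classifier are replaced here by a keyword stand-in, and the TD domains, high-trust domains, keyword lists and sample messages are assumptions constructed for illustration; the page lists none of them.

```python
import re
from email.utils import parseaddr

# Brand display names the rule looks for (named on the page).
BRAND_NAMES = ["TD Bank", "TD Canada Trust"]
# Assumed legitimate sending domains; the page refers to "known TD domains"
# without listing them, so these are placeholders.
KNOWN_TD_DOMAINS = {"td.com", "tdbank.com"}
# Assumed "high-trust sender" list, also not given on the page.
HIGH_TRUST_DOMAINS = {"trusted-partner.example"}
# Keyword stand-in for the rule's NLU intent classifier (assumption).
CREDENTIAL_THEFT_TERMS = (
    "verify your account", "password", "sign in", "sign-in",
    "suspended", "confirm your identity", "login",
)
BENIGN_TERMS = ("newsletter", "unsubscribe", "entertainment")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lowercase, drop punctuation, collapse whitespace so 'T.D.  Bank' ~ 'td bank'."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", name.lower()).split())


def display_name_matches(display_name: str, max_distance: int = 2) -> bool:
    """True if the display name contains a brand name or is within
    max_distance edits of one (catches 'TD Bnak', 'TD Banк', 'T D Bank')."""
    n = normalize(display_name)
    if not n:
        return False
    for brand in BRAND_NAMES:
        b = normalize(brand)
        if b in n or levenshtein(n, b) <= max_distance:
            return True
    return False


def classify(from_header: str, body: str) -> str:
    """Return a verdict label for one message, mirroring the rule's order:
    allowlist first, then display-name match, then content intent."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in KNOWN_TD_DOMAINS or domain in HIGH_TRUST_DOMAINS:
        return "allowlisted_sender"
    if not display_name_matches(name):
        return "no_brand_in_display_name"
    text = body.lower()
    if any(t in text for t in CREDENTIAL_THEFT_TERMS):
        return "brand_impersonation"
    if any(t in text for t in BENIGN_TERMS):
        return "benign_content"
    return "no_credential_intent"


# Constructed sample messages (not real mail).
SAMPLES = {
    "phish": ('"TD Canada Trust" <security@tdcanada-verify.example>',
              "Unusual sign-in detected. Your account has been suspended. "
              "Please verify your account using the link below."),
    "legit": ("TD Bank <alerts@td.com>",
              "Unusual sign-in detected. Please verify your account."),
    "newsletter": ("TD Bnak <news@promo.example>",
                   "Our monthly newsletter: entertainment picks and movie night. "
                   "Unsubscribe any time."),
    "unrelated": ("Acme Payroll <hr@acme.example>",
                  "Your password will expire in 3 days."),
}


def run_samples() -> dict:
    return {label: classify(hdr, body) for label, (hdr, body) in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:<11} -> {verdict}")
```

The edit-distance threshold is deliberately loose (two edits), so a name like "MD Bank" would also match; in the real rule that is acceptable because the domain allowlist and the content-intent stage, not the name match alone, decide the verdict. Note that plain Levenshtein counts a transposition ("Bnak") as two substitutions, which is why the threshold is 2 rather than 1.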
Categories
- Identity Management
- Web
- Cloud
- Endpoint
Data Sources
- User Account
- Application Log
- Network Traffic
- Process
- File
Created: 2025-10-25