
Summary
This detection rule identifies potential phishing attempts leveraging Monday.com infrastructure by analyzing messages and attachments for unauthorized use of Monday.com tracking links. It focuses on unusual senders lacking proper authentication while excluding legitimate replies and authentic communications from trusted domains that adhere to DMARC standards. The detection mechanism employs various criteria, including the presence of links in the message body, attachment types, QR code scanning, and detailed header analyses to ascertain the sender's legitimacy. Moreover, it evaluates specific attributes such as the presence of certain keywords and the structure of the subject line to mitigate false positives from benign communications.
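The decision logic summarized above, sketched as an added example; it is not the rule's own source. The tracking host is a placeholder, and the trusted-domain list, the `extra_urls` input (URLs an upstream scanner decoded from attachments or QR codes) and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration; none of these come from the rule itself.
TRACKING_HOST = "tracking.monday.example"  # placeholder tracking-link host
TRUSTED_DOMAINS = {"monday.com"}           # assumed trusted sender domains
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def dmarc_pass(msg):
    """True if any Authentication-Results header reports dmarc=pass."""
    results = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdmarc=pass\b", r, re.I) for r in results)

def is_reply(msg):
    """A reply needs threading headers, not just an 'RE:' subject prefix."""
    threaded = bool(msg.get("In-Reply-To") or msg.get("References"))
    return threaded and bool(re.match(r"\s*re\s*:", msg.get("Subject", ""), re.I))

def tracking_links(msg, extra_urls=()):
    """URLs on the tracking host from text parts plus upstream-decoded URLs."""
    urls = list(extra_urls)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            urls += URL_RE.findall(body.decode("utf-8", "replace"))
    def on_host(u):
        h = (urlparse(u).hostname or "").lower()
        return h == TRACKING_HOST or h.endswith("." + TRACKING_HOST)
    return [u for u in urls if on_host(u)]

def flag(raw, extra_urls=()):
    """Flag tracking links unless the mail is a real reply or authentic."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    authentic = domain in TRUSTED_DOMAINS and dmarc_pass(msg)
    return bool(tracking_links(msg, extra_urls)) and not is_reply(msg) and not authentic

def sample(sender, subject, dmarc, body, in_reply_to=None):
    """Build a constructed raw message (not real mail)."""
    hdrs = [f"From: {sender}", f"Subject: {subject}",
            f"Authentication-Results: mx.example; dmarc={dmarc}"]
    if in_reply_to:
        hdrs.append(f"In-Reply-To: {in_reply_to}")
    return "\n".join(hdrs) + "\n\n" + body

LINK = f"https://{TRACKING_HOST}/c/abc"
```

A spoofed trusted domain that fails DMARC is still flagged, and an "RE:" subject without threading headers does not count as a reply.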
Categories
- Identity Management
- Cloud
- Web
Data Sources
- User Account
- Process
- Network Traffic
- Application Log
Created: 2025-12-19