Brand impersonation: Google fake sign-in warning

Sublime Rules

Summary
This detection rule identifies inbound emails carrying image attachments that resemble fake Google sign-in warnings. The rule analyzes the attachment content for signs typically associated with phishing, such as the presence of a Google logo and phrases indicative of credential-phishing lures (e.g., "new sign-in", "secure your account"). It also checks that the links in the email do not lead to official Google domains such as google.com, gmail.com, or googleapis.com, so that messages pointing elsewhere are flagged. Finally, it checks that the sender's domain is neither one of the organization's own domains nor Google's, adding a further layer of scrutiny. The detection methods employed include Computer Vision, File analysis, Optical Character Recognition (OCR), Sender analysis, and URL analysis, making this a comprehensive approach to identifying credential phishing via brand impersonation.
Categories
  • Web
  • Identity Management
  • Cloud
  • Application
Data Sources
  • Image
  • User Account
  • Network Traffic
  • Process
Created: 2023-08-14