
Summary
This detection rule identifies phishing attempts in which an attacker impersonates Wix, a popular website builder and hosting service. It inspects inbound email for Wix branding that does not originate from a legitimate Wix domain, combining sender display name analysis with sender domain analysis through regex matching and string comparison. The rule fires when the sender's display name or the sender's domain contains 'WIX' and either the sender domain is not one of the trusted Wix domains or the message fails DMARC authentication. Trusted Wix sender domains are therefore exempt only while they pass DMARC; a trusted domain that fails DMARC is still flagged, which catches direct spoofing of the legitimate domain rather than only lookalikes. The attacker tradecraft this rule targets includes brand impersonation, lookalike domains, and social engineering intended to trick recipients into disclosing sensitive information.
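Worked example of the decision logic summarised above, added here as an illustration and not taken from the rule itself: a small Python implementation run over constructed sample messages. The trusted-domain set (only wix.com), the Authentication-Results header format used to read the DMARC verdict, and every function name are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Placeholder trusted-sender list: the page does not enumerate the rule's
# legitimate Wix domains, so this set is an assumption for the example.
TRUSTED_WIX_DOMAINS = {"wix.com"}

WIX_RE = re.compile(r"wix", re.IGNORECASE)


def parse_from(from_header):
    """Split a From: header into (display name, lower-cased sender domain)."""
    name, addr = parseaddr(from_header or "")
    domain = addr.rpartition("@")[2].lower()
    return name, domain


def dmarc_passed(auth_results):
    """Read the dmarc= verdict from an Authentication-Results header.

    Assumes the receiving MTA writes an RFC 8601 style 'dmarc=pass' / 'dmarc=fail'
    clause; a missing header is treated as not passing.
    """
    if not auth_results:
        return False
    m = re.search(r"\bdmarc=(\w+)", auth_results, re.IGNORECASE)
    return m is not None and m.group(1).lower() == "pass"


def is_wix_impersonation(display_name, sender_domain, dmarc_pass,
                         trusted_domains=TRUSTED_WIX_DOMAINS):
    """Decision logic as the summary describes it.

    Fire when the message looks like Wix (display name or domain contains
    'wix') AND it is either not from a trusted Wix domain or fails DMARC.
    """
    looks_like_wix = bool(WIX_RE.search(display_name)) or "wix" in sender_domain
    if not looks_like_wix:
        return False
    from_trusted = sender_domain in trusted_domains
    # A trusted domain is only exempt while DMARC passes; a DMARC failure on
    # the real domain is treated as spoofing and still fires.
    return (not from_trusted) or (not dmarc_pass)


def evaluate_message(raw_message):
    """Run the rule over one raw RFC 5322 message (headers + body)."""
    msg = message_from_string(raw_message)
    name, domain = parse_from(msg.get("From"))
    return is_wix_impersonation(name, domain, dmarc_passed(msg.get("Authentication-Results")))


# Constructed sample messages (not real traffic) covering the four outcomes.
SAMPLES = {
    "lookalike_domain": (
        'From: "Wix Support" <support@wix-billing-alerts.example>\n'
        "Authentication-Results: mx.example; dmarc=pass header.from=wix-billing-alerts.example\n"
        "Subject: Your site will be suspended\n\n"
        "Confirm your payment details to keep your site online.\n"
    ),
    "legit_wix": (
        'From: "Wix" <no-reply@wix.com>\n'
        "Authentication-Results: mx.example; dmarc=pass header.from=wix.com\n"
        "Subject: Your weekly stats\n\n"
        "Here are your visitor numbers.\n"
    ),
    "spoofed_trusted_domain": (
        'From: "Wix" <no-reply@wix.com>\n'
        "Authentication-Results: mx.example; dmarc=fail header.from=wix.com\n"
        "Subject: Password reset required\n\n"
        "Click to reset your password.\n"
    ),
    "unrelated": (
        'From: "Alice" <alice@example.org>\n'
        "Authentication-Results: mx.example; dmarc=pass header.from=example.org\n"
        "Subject: Lunch?\n\n"
        "Noon works for me.\n"
    ),
}


def run_samples():
    """Evaluate every constructed sample; returns {sample name: rule fired}."""
    return {name: evaluate_message(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, fired in run_samples().items():
        print(f"{name:24s} -> {'ALERT' if fired else 'ok'}")
```

Note the third sample: the sender domain is the trusted wix.com, but because DMARC fails the rule still fires, which is the "trusted domains are negated unless they fail DMARC" clause in practice. The substring match on the domain is deliberately broad (any domain containing "wix" is a candidate), so the trusted-domain exemption is what keeps genuine Wix mail from alerting.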
Categories
- Endpoint
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
- Application Log
Created: 2025-08-15