
Credential phishing: Engaging language and other indicators (untrusted sender)
Sublime Rules
Summary
This rule detects potential credential phishing by looking for suspicious indicators and engaging language that hint at credential theft. It inspects both the subject line of an incoming message and the sender's display name, applying a set of regex patterns to catch phrases that signal urgency, account problems, or a required action, and it also checks for known indicators of malicious senders. In addition, it applies natural language understanding (NLU) to the message body to classify intents and entities, and it combines that classification with analysis of the links in the message and of the sender's email domain to filter out common phishing tactics. The rule only fires for untrusted senders and looks specifically for entities that suggest credential theft. It is assigned medium severity and is intended to strengthen defenses against a range of phishing attacks.
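The summary above describes the detection in terms of three signals: regex matches on the subject and display name, an intent classification of the body, and an untrusted-sender check combined with link analysis. The following Python is an added example written here to illustrate that structure; it is not the Sublime rule itself and is not written in Sublime's query language. The phrase lists, the trusted-domain allowlist, the sample messages and the keyword-based stand-in for the NLU intent classifier are all constructed for illustration, since the page does not publish the rule's actual patterns.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed allowlist standing in for a "trusted sender" list; the page names no domains.
TRUSTED_DOMAINS = {"example.com"}

# Constructed phrase patterns grouped the way the summary describes them
# (urgency, account issues, required actions). Illustrative only, not the rule's own.
SUBJECT_PATTERNS = {
    "urgency": re.compile(
        r"\b(urgent|immediately|within \d+ hours|action required|final (?:notice|warning))\b", re.I),
    "account_issue": re.compile(
        r"\b(account (?:suspended|locked|disabled)|unusual (?:sign[- ]?in|activity)|password expir(?:es|ed|ing))\b", re.I),
    "required_action": re.compile(
        r"\b(verify (?:your )?(?:account|identity|email)|confirm (?:your )?(?:password|credentials)|re-?activate)\b", re.I),
}
# Display names that imitate internal or vendor support functions (constructed list).
DISPLAY_NAME_PATTERN = re.compile(
    r"\b(it|help ?desk|support|security|admin(?:istrator)?|account services)\b", re.I)

URL_PATTERN = re.compile(r"https?://([^/\s]+)", re.I)
# Keyword stand-in for the NLU intent classifier: cue words whose co-occurrence
# with a link suggests credential harvesting. A real NLU model is not reproduced here.
CRED_THEFT_CUES = re.compile(r"\b(password|passcode|sign[- ]?in|log ?in|credentials|verify)\b", re.I)


@dataclass
class Message:
    sender_email: str
    display_name: str
    subject: str
    body: str


@dataclass
class Verdict:
    match: bool
    indicators: List[str] = field(default_factory=list)


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def link_hosts(body: str) -> List[str]:
    return [h.lower() for h in URL_PATTERN.findall(body)]


def classify_body_intent(body: str) -> str:
    """Return 'cred_theft' when at least two distinct cues co-occur with a link."""
    cues = {m.lower() for m in CRED_THEFT_CUES.findall(body)}
    return "cred_theft" if len(cues) >= 2 and link_hosts(body) else "benign"


def evaluate(msg: Message) -> Verdict:
    indicators: List[str] = []
    domain = sender_domain(msg.sender_email)
    untrusted = domain not in TRUSTED_DOMAINS
    if untrusted:
        indicators.append(f"untrusted_sender:{domain}")
    for name, pat in SUBJECT_PATTERNS.items():
        if pat.search(msg.subject):
            indicators.append(f"subject:{name}")
    if DISPLAY_NAME_PATTERN.search(msg.display_name):
        indicators.append("display_name:support_impersonation")
    intent = classify_body_intent(msg.body)
    if intent == "cred_theft":
        indicators.append("body_intent:cred_theft")
    # Links whose host is outside the sender's domain are the "analyzed links" signal.
    foreign = [h for h in link_hosts(msg.body) if h != domain and not h.endswith("." + domain)]
    if foreign:
        indicators.append("link:host_mismatch")
    language_hit = any(i.startswith(("subject:", "display_name:")) for i in indicators)
    # All three legs must hold: untrusted sender, engaging language, credential-theft intent.
    match = untrusted and language_hit and intent == "cred_theft"
    return Verdict(match, indicators)


# Constructed sample messages (no real senders or links).
PHISH = Message("alerts@mail-secure-login.test", "IT Helpdesk",
                "Action required: your account suspended",
                "Your password expired. Sign in at https://portal.mail-secure-login.test/verify to restore access.")
BENIGN = Message("newsletter@example.com", "Example Weekly",
                 "This week's product updates",
                 "Read the full notes at https://blog.example.com/notes.")

if __name__ == "__main__":
    for m in (PHISH, BENIGN):
        v = evaluate(m)
        print(m.subject, "->", "MATCH" if v.match else "no match", v.indicators)
```

The untrusted-sender gate is what keeps the language patterns from firing on legitimate internal notices that use the same wording; the trusted-domain set is the tunable part of such a rule, and the indicator list is returned rather than a bare boolean so an analyst can see which leg of the logic fired.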
Categories
- Identity Management
- Web
- Endpoint
- Cloud
- Application
Data Sources
- User Account
- Application Log
- Network Traffic
- Process
- Web Credential
Created: 2023-05-24