
Brand impersonation: Square

Sublime Rules

Summary
This rule detects brand impersonation of Square in inbound email. It combines a brand signal, a content signal and sender-based exclusions, all of which must line up before a message is flagged:
  • Brand signal: the sender's display name is within a small Levenshtein (edit) distance of 'Square', excluding names that belong to a different legitimate brand such as 'SquareX', or a machine-learning classifier identifies Square branding with high confidence in screenshots rendered from the message's attached files.
  • Content signal: natural-language analysis of the current thread's text, and of any text extracted from those screenshots by OCR, finds topics related to security, authentication or notifications, and finds high-confidence indicators of credential theft in the body text or the screenshots. Messages whose content is classified as a newsletter or entertainment are disregarded.
  • Exclusions: to minimize false positives, senders from the organization's own domains or from verified Square domains are excluded unless the message fails email authentication, and senders from known high-trust domains are excluded unless the message fails DMARC.
  • Sender context: the message is unsolicited, or it lacks passing authentication results.
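The following is an added illustration of the detection logic summarized above, written in Python rather than in the rule's own query language; it is not the Sublime rule or its source. The ML brand classification, NLU topics and credential-theft intent are supplied as plain fields on constructed sample messages, the domain lists and the edit-distance threshold of 1 are assumptions, and the sample domains are hypothetical.

```python
"""Simplified re-implementation of the Square brand-impersonation checks.
Added example only; the real rule's ML/NLU results are stand-in fields here."""
from dataclasses import dataclass

# Constructed stand-ins for the lists the real rule consults.
ORG_DOMAINS = {"example-corp.com"}      # hypothetical customer domain
SQUARE_DOMAINS = {"squareup.com"}       # assumed legitimate Square sending domain
HIGH_TRUST_DOMAINS = {"squareup.com"}   # assumed high-trust sender list
OTHER_BRANDS = {"squarex"}              # distinct brands within edit distance of "square"
SUSPICIOUS_TOPICS = {"security", "authentication", "notification"}
BENIGN_TOPICS = {"newsletter", "entertainment"}


def levenshtein(a: str, b: str) -> int:
    """Single-row dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_square(display_name: str, max_distance: int = 1) -> bool:
    """Case-insensitive lookalike test; the threshold of 1 is an assumption."""
    name = display_name.strip().lower()
    if any(brand in name for brand in OTHER_BRANDS):  # 'SquareX' is a different brand
        return False
    return levenshtein(name, "square") <= max_distance


@dataclass
class Message:
    msg_id: str
    display_name: str
    sender_domain: str
    dmarc_pass: bool
    unsolicited: bool                 # sender has no prior relationship with the recipient
    topics: frozenset = frozenset()   # stand-in for NLU topics on body text and OCR output
    credential_theft: bool = False    # stand-in for high-confidence credential-theft intent
    screenshot_brand: str = ""        # stand-in for ML brand classification of rendered files


def is_square_impersonation(m: Message) -> bool:
    """Apply brand signal, content signal, sender exclusions and sender context in order."""
    brand_signal = looks_like_square(m.display_name) or m.screenshot_brand == "square"
    if not brand_signal:
        return False
    on_topic = bool(m.topics & SUSPICIOUS_TOPICS) and not (m.topics & BENIGN_TOPICS)
    if not (on_topic and m.credential_theft):
        return False
    domain = m.sender_domain.lower()
    # Org, verified Square and high-trust senders are excluded only while they authenticate.
    if domain in (ORG_DOMAINS | SQUARE_DOMAINS | HIGH_TRUST_DOMAINS) and m.dmarc_pass:
        return False
    return m.unsolicited or not m.dmarc_pass


# Constructed sample messages exercising each branch of the logic.
SAMPLES = [
    Message("lookalike", "Squar", "mail-notice.example", dmarc_pass=False, unsolicited=True,
            topics=frozenset({"security"}), credential_theft=True),
    Message("squarex", "SquareX", "mail-notice.example", dmarc_pass=False, unsolicited=True,
            topics=frozenset({"security"}), credential_theft=True),
    Message("legit", "Square", "squareup.com", dmarc_pass=True, unsolicited=False,
            topics=frozenset({"authentication"}), credential_theft=True),
    Message("spoofed", "Square", "squareup.com", dmarc_pass=False, unsolicited=False,
            topics=frozenset({"authentication"}), credential_theft=True),
    Message("newsletter", "Square", "promo.example", dmarc_pass=True, unsolicited=True,
            topics=frozenset({"security", "newsletter"}), credential_theft=True),
    Message("screenshot", "Billing Team", "invoices.example", dmarc_pass=False, unsolicited=True,
            topics=frozenset({"notification"}), credential_theft=True, screenshot_brand="square"),
]


def scan(messages=SAMPLES) -> list:
    """Return the ids of messages the simplified rule would flag."""
    return [m.msg_id for m in messages if is_square_impersonation(m)]


if __name__ == "__main__":
    print(scan())  # ['lookalike', 'spoofed', 'screenshot']
```

Two cases are worth noting when tuning a rule like this: the 'spoofed' sample shows why the exclusion for verified Square domains must be conditioned on authentication (a forged From: on squareup.com that fails DMARC is exactly the message you want to keep), and the 'squarex' sample shows that any edit-distance check against a short brand name needs an explicit carve-out for other real brands that fall within the threshold.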
Categories
  • Identity Management
  • Cloud
  • Web
Data Sources
  • User Account
  • File
  • Image
Created: 2025-10-25