
Summary
This rule detects fraudulent emails impersonating SumUp's receipt service, specifically phishing attempts built around counterfeit invoices or receipts. It evaluates emails whose sender domain is 'sumup.com' and analyses the body for key phrases typically associated with scams, such as 'you did not' or 'fraud alert'. The rule also applies regular-expression patterns to identify phone numbers of the kind commonly included in callback-phishing messages. These checks are combined with a content-richness test that requires four or more indicative phrases related to unsolicited requests or urgency. Additionally, the rule includes filters for obfuscation techniques that might be used to disguise the true nature of the email. The detection combines content analysis, header analysis, and sender authenticity checks to protect users against 'Business Email Compromise' and 'Callback Phishing' tactics, with emphasis on the social engineering and evasion techniques employed by threat actors.
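As an added illustration of the logic the summary describes (this is example code written for this page, not the rule's own source, which the page does not reproduce), the Python below scopes on the sender domain, looks for the two named scam phrases, finds callback phone numbers with a regular expression, counts urgency phrases against the four-phrase threshold, and strips zero-width characters as a light obfuscation filter. The urgency phrase list, the phone pattern, the way the checks are combined, and the two sample messages are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Phrases the rule summary names as scam indicators.
SCAM_PHRASES = ("you did not", "fraud alert")

# Constructed approximation of the rule's unsolicited-request / urgency phrases
# (assumption: the real rule's list is not reproduced on the page).
URGENCY_PHRASES = (
    "call us", "call immediately", "contact us", "within 24 hours",
    "cancel", "refund", "unauthorized", "suspicious", "act now", "charged",
)
MIN_URGENCY_HITS = 4  # "four or more indicative phrases"

# Constructed North-American-style phone pattern; tolerant of separators so that
# punctuation or spacing inserted to evade a plain string match is still caught.
PHONE_RE = re.compile(r"(?:\+?1[\s.\-]?)?\(?\d{3}\)?[\s.\-]?\d{3}[\s.\-]?\d{4}\b")

# Characters that render as nothing but break naive substring matching.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\u00ad\ufeff"), None)


@dataclass
class Email:
    sender: str   # From address, e.g. "SumUp Receipts <receipts@sumup.com>"
    subject: str
    body: str     # plain-text body


@dataclass
class Verdict:
    flagged: bool
    reasons: list = field(default_factory=list)


def normalize(text: str) -> str:
    """Drop zero-width / soft-hyphen characters, collapse whitespace, lowercase."""
    text = text.translate(ZERO_WIDTH)
    return re.sub(r"\s+", " ", text).strip().lower()


def sender_domain(addr: str) -> str:
    """Return the domain of an address, tolerating the 'Name <user@domain>' form."""
    m = re.search(r"@([A-Za-z0-9.\-]+)", addr)
    return m.group(1).lower() if m else ""


def evaluate(email: Email) -> Verdict:
    """Apply the summarised rule logic to one message and explain the verdict."""
    if sender_domain(email.sender) != "sumup.com":
        return Verdict(False, ["out of scope: sender domain is not sumup.com"])

    text = normalize(f"{email.subject} {email.body}")
    scam_hits = [p for p in SCAM_PHRASES if p in text]
    phones = PHONE_RE.findall(text)
    urgency_hits = [p for p in URGENCY_PHRASES if p in text]

    reasons = []
    if scam_hits:
        reasons.append(f"scam phrases: {scam_hits}")
    if phones:
        reasons.append(f"callback phone numbers: {phones}")
    if len(urgency_hits) >= MIN_URGENCY_HITS:
        reasons.append(f"{len(urgency_hits)} urgency phrases: {urgency_hits}")

    # Assumed combination: a callback number plus either a named scam phrase or
    # enough urgency language. A genuine receipt has neither and is left alone.
    flagged = bool(phones) and (bool(scam_hits) or len(urgency_hits) >= MIN_URGENCY_HITS)
    return Verdict(flagged, reasons)


# Constructed sample messages; the subject of PHISH carries a zero-width space
# inside "Fraud Alert" to exercise the obfuscation filter.
PHISH = Email(
    sender="SumUp Receipts <receipts@sumup.com>",
    subject="Fraud\u200b Alert - receipt #48213",
    body=("You did not authorize this purchase? A charge of $499.99 was posted to your card. "
          "If you did not make this purchase, call us immediately at 1-800-555-0199 "
          "within 24 hours to cancel the order and request a refund."),
)
LEGIT = Email(
    sender="SumUp Receipts <receipts@sumup.com>",
    subject="Your receipt from Joe's Cafe",
    body="Thanks for your purchase. Total: $4.50. You can view your receipt online at any time.",
)

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        v = evaluate(msg)
        print(f"{name}: flagged={v.flagged} reasons={v.reasons}")
```

Running the module reports the constructed phishing sample as flagged on all three grounds (both scam phrases, the callback number, and four urgency phrases) and leaves the plain receipt alone; a message from any other sender domain is reported as out of scope rather than evaluated.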
Categories
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2025-04-19