
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment

Sublime Rules

Summary
This detection rule identifies potentially fraudulent Request for Quote (RFQ) or Request for Proposal (RFP) emails that use HTML smuggling to hide malicious content. Scammers often impersonate legitimate businesses with such requests to solicit sensitive information, leading to financial loss or data breaches. The rule combines several techniques: regex matching on the email body and subject for phrases commonly associated with RFQs or RFPs, and inspection of attachments for file types associated with HTML smuggling, namely .html and .htm files and various compressed archive formats. It also analyzes the JavaScript within those files for known evasion constructs such as 'document.write' and 'atob', which malicious scripts commonly use to decode and render a payload in the browser. This combination of content analysis, file examination, and natural language understanding improves detection of credential phishing delivered through fake RFQs and RFPs.
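The following is an added, simplified illustration of the detection logic the summary describes; it is not the Sublime rule itself (which is written in Sublime's MQL) and the extension list, regex patterns and scoring decision are assumptions made for this example. It checks the subject and body for RFQ/RFP language, classifies attachments by extension, opens ZIP archives in memory to look for HTML members, and scans any HTML for 'document.write' and 'atob' inside script blocks. The sample email is constructed inline and its smuggled content is a harmless placeholder.

```python
import base64
import io
import re
import zipfile

# Assumed patterns (not the rule's own): RFQ/RFP lure language and the
# two JavaScript constructs named in the summary.
RFQ_RE = re.compile(
    r"\b(request\s+for\s+(a\s+)?(quote|quotation|proposal)|rfq|rfp)\b", re.I
)
JS_SMUGGLING_RE = re.compile(r"document\.write\s*\(|atob\s*\(", re.I)
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

HTML_EXTS = {".html", ".htm"}
# Assumed list of archive formats; only .zip is actually unpacked here.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".gz", ".tar", ".iso"}


def ext_of(name):
    """Lower-cased extension including the dot, or '' if there is none."""
    name = name.lower()
    if "." not in name:
        return ""
    return "." + name.rsplit(".", 1)[1]


def html_has_smuggling_js(data):
    """True if any <script> block contains document.write( or atob(."""
    text = data.decode("utf-8", errors="ignore")
    return any(JS_SMUGGLING_RE.search(s) for s in SCRIPT_RE.findall(text))


def inspect_attachment(name, data):
    """Return a list of human-readable findings for one attachment."""
    findings = []
    ext = ext_of(name)
    if ext in HTML_EXTS:
        findings.append("html attachment: %s" % name)
        if html_has_smuggling_js(data):
            findings.append("document.write/atob in %s" % name)
    elif ext == ".zip":
        findings.append("archive attachment: %s" % name)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if ext_of(member) in HTML_EXTS:
                        path = "%s/%s" % (name, member)
                        findings.append("html inside archive: %s" % path)
                        if html_has_smuggling_js(zf.read(member)):
                            findings.append("document.write/atob in %s" % path)
        except zipfile.BadZipFile:
            findings.append("unreadable archive: %s" % name)
    elif ext in ARCHIVE_EXTS:
        # Other archive formats would need their own reader; flag the type only.
        findings.append("archive attachment: %s" % name)
    return findings


def evaluate(subject, body, attachments):
    """Return (fired, findings). attachments is a list of (filename, bytes).

    Assumed decision: fire only when RFQ/RFP language is present AND an
    HTML file (loose or inside a ZIP) carries document.write/atob, since
    RFQ language alone is common in legitimate mail.
    """
    findings = []
    if RFQ_RE.search(subject) or RFQ_RE.search(body):
        findings.append("rfq/rfp language")
    for name, data in attachments:
        findings.extend(inspect_attachment(name, data))
    smuggling = any(f.startswith("document.write/atob") for f in findings)
    return smuggling and "rfq/rfp language" in findings, findings


def build_sample_email():
    """Constructed sample: an RFQ lure with a ZIP holding a smuggling HTML page."""
    placeholder = base64.b64encode(b"<p>constructed placeholder content</p>").decode()
    html = (
        '<html><body><script>document.write(atob("%s"));</script></body></html>'
        % placeholder
    ).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("RFQ_2023.html", html)
    return (
        "Request for Quote - urgent",
        "Please see the attached RFQ and reply with your pricing.",
        [("RFQ_2023.zip", buf.getvalue())],
    )


if __name__ == "__main__":
    fired, findings = evaluate(*build_sample_email())
    print(fired, findings)
```

The regexes here catch only the literal forms named in the summary; obfuscated variants (for example property access by string, or decoding routines that avoid `atob`) would need additional patterns, which is why the rule pairs JavaScript inspection with the file-type and language checks rather than relying on any one signal.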
Categories
  • Web
  • Cloud
  • Endpoint
Data Sources
  • Internet Scan
  • User Account
  • File
  • Network Traffic
  • Application Log
Created: 2023-08-08