Brand impersonation: Bank of America

Sublime Rules

Summary
This rule detects impersonation attempts of Bank of America, specifically credential phishing. It applies several checks to the email sender to identify potentially fraudulent behavior. First, it examines the sender's display name for an exact or near match to 'Bank of America', using case-insensitive comparison and a Levenshtein distance to account for minor typos. It also scrutinizes the sender's email domain for keywords related to Bank of America, so that domains resembling 'bankofamerica' are flagged unless they are established trusted domains such as 'bankofamerica.com'. Additional conditions exclude emails from those trusted domains unless the message fails DMARC authentication, which adds an extra layer of scrutiny for otherwise legitimate senders. This multi-faceted approach helps mitigate the risk of successful credential phishing by flagging deceptive messages that mimic a trusted institution.
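The checks the summary describes, written out in Python as an added example (this is not the Sublime rule's own query language): a display name that exactly or nearly matches the brand, a sender domain carrying the 'bankofamerica' keyword, the trusted-domain exclusion, and the DMARC exception for trusted domains. The edit-distance threshold of 1, the Sender record and the naive root-domain helper are assumptions; the sample senders are constructed.

```python
from dataclasses import dataclass
from typing import List

BRAND = "bank of america"
# Trusted root domains are excluded unless DMARC fails; only bankofamerica.com is named on the page.
TRUSTED_ROOT_DOMAINS = {"bankofamerica.com"}
MAX_TYPO_DISTANCE = 1  # assumed threshold for "minor typos"; the page states none


@dataclass
class Sender:  # assumed minimal view of the sender fields the rule inspects
    display_name: str
    email_domain: str
    dmarc_pass: bool


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) by dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def root_domain(domain: str) -> str:
    """Naive root domain (last two labels); a production rule would use a public-suffix list."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def impersonation_reasons(sender: Sender) -> List[str]:
    """Return the reasons a sender looks like a Bank of America impersonation (empty = not flagged)."""
    name = sender.display_name.strip().lower()
    domain = sender.email_domain.lower()
    if root_domain(domain) in TRUSTED_ROOT_DOMAINS:
        # Legitimate domain: only flag when DMARC authentication fails.
        return [] if sender.dmarc_pass else ["trusted domain failing DMARC"]
    reasons = []
    if name == BRAND or levenshtein(name, BRAND) <= MAX_TYPO_DISTANCE:
        reasons.append("display name matches brand")
    if "bankofamerica" in domain:
        reasons.append("domain contains brand keyword")
    return reasons


if __name__ == "__main__":  # constructed samples, not real messages
    for s in (Sender("Bank 0f America", "secure-login.example.net", True),
              Sender("Bank of America", "mail.bankofamerica.com", False)):
        print(s.display_name, s.email_domain, impersonation_reasons(s))
```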
Categories
  • Identity Management
  • Web
  • Endpoint
  • Application
  • Cloud
Data Sources
  • User Account
  • Network Traffic
  • Application Log
  • Process
Created: 2021-02-19