
URL with Unicode U+2044 (⁄) or U+2215 (∕) characters

Sublime Rules

Summary
This rule detects the Unicode characters U+2044 (⁄) and U+2215 (∕) in URLs found in message bodies or in linked URLs. Detection applies a regular expression that matches URLs containing these characters, which resemble an ordinary slash and can therefore sit unnoticed inside a seemingly valid URL. This kind of URL manipulation can deceive users into clicking malicious links, facilitating credential phishing or other malicious activity. Focusing on these two characters targets the evasion and social engineering tactics attackers often use. The average severity of incidents related to this detection is considered low, but it is important for organizations to implement the rule as part of a broader security posture against phishing and URL manipulation. The rule analyzes inbound message content and any URLs present, which places it within content analysis and URL analysis strategies.
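The check described in the summary, as an added Python example (not the rule's own source, which this page does not show). The URL pattern, the function name `find_lookalike_slash_urls` and the sample message are assumptions constructed for illustration; the example also reports whether the character sits in the host portion of the URL.

```python
import re

# The two code points named by the rule.
LOOKALIKE_SLASHES = {
    "\u2044": "U+2044 FRACTION SLASH",
    "\u2215": "U+2215 DIVISION SLASH",
}

# Assumption: a URL is http(s):// followed by characters that are not
# whitespace, angle brackets or quotes. Neither code point is whitespace,
# so both stay inside the match.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def find_lookalike_slash_urls(body, links=()):
    """Return one finding per URL (body text or link targets) that
    contains U+2044 or U+2215."""
    findings, seen = [], set()
    for url in URL_RE.findall(body) + list(links):
        if url in seen:
            continue
        seen.add(url)
        hits = [(i, LOOKALIKE_SLASHES[c]) for i, c in enumerate(url)
                if c in LOOKALIKE_SLASHES]
        if not hits:
            continue
        # Host portion: everything between "://" and the first real
        # '/', '?' or '#'. A lookalike slash does not end it.
        rest = url.split("://", 1)[-1]
        authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
        findings.append({
            "url": url,
            "hits": hits,
            "authority": authority,
            "in_authority": any(c in authority for c in LOOKALIKE_SLASHES),
        })
    return findings


if __name__ == "__main__":
    # Constructed sample message body and link list.
    body = ("Reset here: https://login.example.com\u2215account.constructed.example/reset "
            "and docs at https://example.org/a/b")
    links = ["https://example.net/files\u2044report.pdf"]
    for f in find_lookalike_slash_urls(body, links):
        print(f["authority"], f["in_authority"], f["hits"])
```

A finding with `in_authority` set means the text before the lookalike slash is not the whole host, which is the case most worth prioritizing in triage.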
Categories
  • Web
  • Endpoint
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2023-06-26