
Fake voicemail notification (untrusted sender)

Sublime Rules

Summary
This detection rule identifies phishing attempts that masquerade as voicemail notifications from untrusted senders. It parses email characteristics such as the sender's display name, subject line, and message body for voicemail-related keywords, phrases, or patterns, especially when the message also carries links or attachments that may harbor threats. The rule combines Natural Language Understanding (NLU), which analyzes the intent of the message, with heuristics that assess the likelihood of credential theft. It also inspects attachments, scrutinizes sender credibility via established email domains, and applies strict criteria to reduce false positives from legitimate communications, so it remains robust in a threat landscape where social engineering is prevalent.
Categories
  • Web
  • Identity Management
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Process
  • Network Traffic
  • File
  • Cloud Storage
Created: 2023-05-31