Brand Impersonation: Stripe Notification

Sublime Rules

Summary
This detection rule identifies phishing attempts that impersonate Stripe by examining the characteristics of an incoming email. It looks for a sender display name or sender domain that resembles 'Stripe', either by direct string matching or by allowing slight variations (lookalike spellings). It then checks the message body for links that lead to domains other than stripe.com, giving particular weight to links whose anchor text carries a call-to-action phrase (for example, verify or update an account), since those are the links a victim is meant to click. Sender authentication results (for example, DMARC) are used to limit false positives: a sender domain on the high-trust list is excluded from alerting only when it has also passed these checks, so a spoofed message that fails DMARC is still evaluated. The overall goal is to catch well-crafted phishing emails that could deceive end users into surrendering their credentials through social engineering.
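The following Python model reproduces the logic the summary describes so it can be run over sample messages. It is an added illustration, not the Sublime rule's own MQL: the call-to-action word list, the edit-distance-1 lookalike threshold, the two-label root-domain extraction, the one-entry high-trust set and the five sample messages are all assumptions constructed here for the example.

```python
"""Toy model of a Stripe brand-impersonation check (illustrative, not the Sublime rule)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

BRAND = "stripe"
LEGIT_ROOT = "stripe.com"
# Assumption: stand-in for a high-trust sender root-domain list.
HIGH_TRUST_ROOT_DOMAINS = {"stripe.com"}
# Assumption: phrases a phisher labels the click-through link with.
CTA_PATTERN = re.compile(
    r"\b(verify|update|confirm|review|log ?in|sign ?in|resolve|reactivate)\b", re.I
)


@dataclass
class Link:
    href: str
    text: str  # anchor text as the user sees it


@dataclass
class Message:
    display_name: str
    sender_domain: str
    dmarc_pass: bool
    links: list[Link] = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch 'str1pe'-style lookalike spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Hostname of a URL, with userinfo and port stripped (empty if unparsable)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#]+)", url, re.I)
    if not m:
        return ""
    return m.group(1).rsplit("@", 1)[-1].split(":")[0].lower()


def root_domain(host: str) -> str:
    """Naive registrable domain: last two labels. A real rule uses the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def looks_like_brand(s: str) -> bool:
    """Exact substring ('Stripe Support') or a single-edit variant in any token ('str1pe')."""
    s = s.lower()
    if BRAND in s:
        return True
    return any(levenshtein(tok, BRAND) <= 1 for tok in re.findall(r"[a-z0-9]+", s))


def impersonation_reasons(msg: Message) -> list[str]:
    """Return why the message matches; an empty list means no alert."""
    # Exclusion: a high-trust domain is trusted only when DMARC also passed,
    # so a spoof of stripe.com that fails DMARC still gets evaluated.
    if root_domain(msg.sender_domain) in HIGH_TRUST_ROOT_DOMAINS and msg.dmarc_pass:
        return []
    reasons = []
    if looks_like_brand(msg.display_name):
        reasons.append(f"display name resembles {BRAND}: {msg.display_name!r}")
    if looks_like_brand(msg.sender_domain):
        reasons.append(f"sender domain resembles {BRAND}: {msg.sender_domain!r}")
    if not reasons:
        return []
    # Brand lure alone is not enough: require an off-brand link labelled with a CTA.
    cta_links = [
        l for l in msg.links
        if root_domain(host_of(l.href)) != LEGIT_ROOT and CTA_PATTERN.search(l.text)
    ]
    if not cta_links:
        return []
    reasons.extend(f"CTA link {l.text!r} -> {host_of(l.href)}" for l in cta_links)
    return reasons


# Constructed sample messages (not real traffic).
SAMPLE_MESSAGES = {
    "phish": Message("Stripe Support", "stripe-notifications.co", True,
                     [Link("https://stripe-verify.example.net/login", "Verify your account")]),
    "legit": Message("Stripe", "stripe.com", True,
                     [Link("https://dashboard.stripe.com/login", "Log in to your dashboard")]),
    "spoofed": Message("Stripe", "stripe.com", False,
                       [Link("https://account-review.example.org/", "Review now")]),
    "lookalike": Message("Billing", "str1pe.com", True,
                         [Link("https://str1pe.com/update", "Update payment method")]),
    "unrelated": Message("Acme Invoices", "acme.example", True,
                         [Link("https://acme.example/pay", "Pay now")]),
}


def run_samples() -> dict[str, bool]:
    """Map each sample name to whether the check fires."""
    return {name: bool(impersonation_reasons(m)) for name, m in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(name, impersonation_reasons(msg) or "no alert")
```

The "spoofed" sample is the case the DMARC gate exists for: the sender domain is stripe.com, but because DMARC failed the high-trust exclusion does not apply and the off-brand "Review now" link fires the alert. The "legit" sample shows the opposite: same brand, same domain, DMARC passed, so it is excluded before any link is inspected.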
Categories
  • Web
  • Identity Management
  • Mobile
  • Application
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2024-08-27