Open Redirect: queue.swytchbike.com

Sublime Rules

Summary
This detection rule identifies potential open redirect abuse involving the domain queue.swytchbike.com, which has been abused for credential phishing attacks. The rule inspects inbound messages, focusing on any links that point to that domain and carry the path and query parameters characteristic of the phishing attempts: a path that includes '/order' and query parameters that contain 'target='. To ensure the rule only triggers on unsolicited messages, it also verifies that the sender's root domain differs from swytchbike.com and that the return-path domain is likewise not swytchbike.com. The rule incorporates a check against a list of high-trust sender domains and considers DMARC authentication failures, so that legitimate mail from trusted, authenticated sources does not cause false positives. Overall, the objective is to flag messages that may mislead users into visiting a potentially harmful redirect.
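As an added illustration of the detection logic the summary describes (not the rule's own MQL source), the following Python check evaluates constructed sample messages; the high-trust domain list, the naive root-domain helper and the message fields are assumptions made for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

TARGET_HOST = "queue.swytchbike.com"   # host named by the rule
OWNER_ROOT = "swytchbike.com"          # root domain whose own mail is excluded
# Hypothetical high-trust list; the real rule's list is not shown on the page.
HIGH_TRUST_ROOT_DOMAINS = {"google.com", "microsoft.com"}


@dataclass
class Message:
    sender: str        # From-header address
    return_path: str   # envelope sender (Return-Path) address
    links: list        # hrefs extracted from the message body
    dmarc_pass: bool   # DMARC authentication result


def root_domain(address_or_host: str) -> str:
    """Naive registrable domain (last two labels); production rules use a public-suffix list."""
    host = address_or_host.rsplit("@", 1)[-1].lower()
    return ".".join(host.split(".")[-2:])


def is_abused_redirect(href: str) -> bool:
    """Link to the queue host whose path contains /order and whose query carries target=."""
    u = urlparse(href)
    params = parse_qs(u.query, keep_blank_values=True)  # keep 'target=' with an empty value
    return (u.hostname or "").lower() == TARGET_HOST and "/order" in u.path and "target" in params


def matches_rule(msg: Message) -> bool:
    if not any(is_abused_redirect(h) for h in msg.links):
        return False
    # Mail from swytchbike.com itself (From or Return-Path) is considered solicited.
    if root_domain(msg.sender) == OWNER_ROOT or root_domain(msg.return_path) == OWNER_ROOT:
        return False
    # A high-trust sender is suppressed only when DMARC passes; a DMARC failure still alerts.
    trusted = root_domain(msg.sender) in HIGH_TRUST_ROOT_DOMAINS and msg.dmarc_pass
    return not trusted


# Constructed samples (not real messages) covering each branch of the rule.
REDIRECT = "https://queue.swytchbike.com/order?target=https://login.example.test"
SAMPLES = {
    "phish": Message("billing@shop.example", "bounce@shop.example", [REDIRECT], False),
    "owner": Message("orders@swytchbike.com", "bounce@swytchbike.com", [REDIRECT], True),
    "trusted_pass": Message("notify@google.com", "b@google.com", [REDIRECT], True),
    "trusted_fail": Message("notify@google.com", "b@google.com", [REDIRECT], False),
    "unrelated": Message("a@shop.example", "a@shop.example", ["https://example.test/"], False),
}


def evaluate_samples() -> dict:
    return {name: matches_rule(m) for name, m in SAMPLES.items()}
```

Running `evaluate_samples()` flags only the unsolicited message and the spoofed trusted sender that fails DMARC.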
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2025-07-04