Mismatched Links: Free File Share With Urgent Language

Sublime Rules

Summary
This detection rule identifies potentially malicious emails from first-time senders that include free file sharing links and use urgent language, both common tactics in phishing and fraud schemes. The rule evaluates the sender profile to ensure the message is unsolicited and that the sender's email reputation is new or an outlier with no previous benign messages. It looks for URLs belonging to known free file sharing hosts and requires urgent language in the email body or subject, specifically keywords associated with immediate action or deadlines. It also checks for mismatched link text, limits the number of links assessed, and ensures that the domains do not belong to trusted sources such as Mimecast. Together, these checks aim to catch a variety of attacks, such as Business Email Compromise (BEC), extortion, and credential phishing, that rely on urgency and social engineering.
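The Python sketch below is an added illustration of how the conditions in the summary combine. It is not the Sublime rule's source. The host list, urgency keywords, link limit, message fields and the way the checks are combined are all assumptions, and the sample messages are constructed.

```python
import re
from urllib.parse import urlparse

# Assumed values: the page does not list the rule's hosts, keywords or link limit.
FREE_FILE_HOSTS = {"fileshare.example", "freedrop.example"}
TRUSTED_DOMAINS = {"mimecast.com"}  # the page names Mimecast as a trusted source
URGENT = re.compile(r"\b(urgent|immediately|asap|deadline|within \d+ hours?)\b", re.I)
MAX_LINKS = 10

def host_of(value):
    """Hostname of a URL or bare domain string, or None if it is neither."""
    value = value.strip()
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        if not re.fullmatch(r"[\w-]+(\.[\w-]+)+(/\S*)?", value):
            return None  # ordinary text such as "Open document"
        value = "http://" + value
    return (urlparse(value).hostname or "").lower() or None

def in_domains(host, domains):
    return host is not None and any(host == d or host.endswith("." + d) for d in domains)

def mismatched(link):
    """Display text names one host while the href points at another, untrusted one."""
    shown, actual = host_of(link["text"]), host_of(link["href"])
    if not shown or not actual or shown == actual:
        return False
    return not (in_domains(shown, TRUSTED_DOMAINS) or in_domains(actual, TRUSTED_DOMAINS))

def evaluate(msg):
    """Return the list of failed conditions; an empty list means the rule fires."""
    s, links = msg["sender"], msg["links"][:MAX_LINKS]  # only the first MAX_LINKS are assessed
    checks = {
        "unsolicited": not s["solicited"],
        "new_or_outlier_sender": s["prevalence"] in ("new", "outlier") and s["benign"] == 0,
        "free_file_host_link": any(in_domains(host_of(l["href"]), FREE_FILE_HOSTS) for l in links),
        "urgent_language": bool(URGENT.search(msg["subject"] + "\n" + msg["body"])),
        "mismatched_link": any(mismatched(l) for l in links),
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample messages (hypothetical field names).
def sample(text, href, prevalence="new", body="Urgent: review the invoice within 24 hours."):
    return {"subject": "Invoice", "body": body, "links": [{"text": text, "href": href}],
            "sender": {"solicited": False, "prevalence": prevalence, "benign": 0}}

PHISH = sample("https://portal.corp.example/invoice", "https://fileshare.example/d/abc")
REWRITTEN = sample("https://fileshare.example/d/abc", "https://protect.mimecast.com/s/xyz")
CALM = sample("https://portal.corp.example/invoice", "https://fileshare.example/d/abc", body="Attached as discussed.")
KNOWN = sample("https://portal.corp.example/invoice", "https://fileshare.example/d/abc", prevalence="common")
```

Returning the failed conditions rather than a bare boolean makes it easy to see which check kept a near-miss message from matching when tuning the rule.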
Categories
  • Endpoint
  • Web
  • Cloud
  • Application
  • Identity Management
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
  • Process
  • Application Log
Created: 2025-06-27