
Summary
This detection rule targets a specific form of Business Email Compromise (BEC) in which an attacker impersonates a VIP (Very Important Person), typically an executive, and asks for a fraudulent donation to a charity. The rule looks in the email body for keywords commonly associated with charitable giving, such as "charity", "gala" and "donation", and runs Natural Language Understanding (NLU) classifiers to confirm the message contains a financial request. It then evaluates the sender's profile: a sender that is new or rare, or one that has been known for more than 30 days without any false positives, is treated as a possible impersonator rather than a trusted correspondent. Finally, it checks the subject line for the characteristics of a fabricated thread, a "RE:" or "FW:" prefix on a message whose headers do not look like those of a genuine reply, to assess whether the conversation the email claims to continue actually exists. Combining content analysis, header checks and sender behaviour in this way improves detection of charitable donation fraud aimed at Accounts Payable departments.
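The following Python is an added, illustrative re-implementation of the checks the summary describes, run over two constructed sample messages; it is not the detection platform's own rule or its NLU model. Assumptions are marked in the code: the VIP roster and its legitimate domain are made up, a keyword regex stands in for the NLU financial-request classifier, the fake-thread check assumes the rule inspects the In-Reply-To and References headers (the page does not name the headers), and all signals are ANDed together to produce a verdict.

```python
"""Toy re-implementation of the VIP charity-donation BEC checks described above.
Illustrative example only: not the detection platform's rule language or NLU model."""
import re
from dataclasses import dataclass
from typing import Dict

# Assumed VIP roster: lower-cased display name -> the executive's legitimate domain.
VIP_DISPLAY_NAMES: Dict[str, str] = {"jane doe": "example.com"}

CHARITY_TERMS = re.compile(r"\b(charity|charitable|gala|donations?|donate)\b", re.I)
# Keyword stand-in for the NLU financial-request classifier (assumption, not the real model):
# a payment verb followed within 40 characters by a dollar amount.
FINANCIAL_REQUEST = re.compile(r"\b(wire|transfer|payment|pay|send)\b.{0,40}?\$\s?\d", re.I | re.S)
THREAD_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.I)


@dataclass
class SenderProfile:
    prevalence: str          # "new", "rare" or "common"
    days_known: int
    any_false_positives: bool


@dataclass
class Message:
    display_name: str
    sender_domain: str
    subject: str
    body: str
    headers: Dict[str, str]  # lower-cased header names -> values
    profile: SenderProfile


def impersonates_vip(msg: Message) -> bool:
    """Display name matches a VIP, but the mail comes from a domain the VIP does not use."""
    legit = VIP_DISPLAY_NAMES.get(msg.display_name.strip().lower())
    return legit is not None and msg.sender_domain.lower() != legit


def looks_like_fake_thread(msg: Message) -> bool:
    """RE:/FW: in the subject but none of the threading headers a genuine reply carries.
    Assumption: the rule checks In-Reply-To / References; the page does not say which headers."""
    has_prefix = THREAD_PREFIX.search(msg.subject) is not None
    has_threading = any(h in msg.headers for h in ("in-reply-to", "references"))
    return has_prefix and not has_threading


def suspicious_sender(p: SenderProfile) -> bool:
    """New or rare sender, or one known for more than 30 days with no false-positive history."""
    return p.prevalence in ("new", "rare") or (p.days_known > 30 and not p.any_false_positives)


def evaluate(msg: Message) -> Dict[str, bool]:
    """Return each signal plus a verdict that requires all of them (assumed AND logic)."""
    findings = {
        "charity_terms": CHARITY_TERMS.search(msg.body) is not None,
        "financial_request": FINANCIAL_REQUEST.search(msg.body) is not None,
        "vip_impersonation": impersonates_vip(msg),
        "fake_thread": looks_like_fake_thread(msg),
        "suspicious_sender": suspicious_sender(msg.profile),
    }
    findings["verdict"] = all(findings.values())
    return findings


# Constructed sample: a freemail "CEO" asks AP to wire a gala donation inside a fabricated thread.
MALICIOUS = Message(
    display_name="Jane Doe",
    sender_domain="gmail.com",
    subject="RE: Charity gala sponsorship",
    body="Following up on our call. Please wire the $5,000 donation to the gala organiser today.",
    headers={"from": "Jane Doe <jane.doe.ceo@gmail.com>", "to": "ap@example.com"},
    profile=SenderProfile(prevalence="new", days_known=0, any_false_positives=False),
)

# Constructed sample: a genuine reply from the real executive, carrying a threading header.
BENIGN = Message(
    display_name="Jane Doe",
    sender_domain="example.com",
    subject="RE: Charity gala sponsorship",
    body="Approved, please wire the $5,000 donation to the gala organiser per the usual process.",
    headers={"from": "Jane Doe <jane.doe@example.com>", "in-reply-to": "<abc123@example.com>"},
    profile=SenderProfile(prevalence="common", days_known=400, any_false_positives=True),
)

if __name__ == "__main__":
    for label, msg in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(label, evaluate(msg))
```

Both samples contain the charity keywords and a dollar-amount request; what separates them is the sender domain, the sender history and the presence of a threading header, which is why the verdict is built from all signals rather than the body text alone.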
Categories
- Network
- Endpoint
- Web
- Cloud
- Application
Data Sources
- User Account
- Application Log
- Web Credential
Created: 2024-10-08