
Summary
This detection rule identifies inbound messages that impersonate Discord's notification system. Several indicators are checked: display name spoofing, domain similarity, logo usage in images, and the presence of specific notification-related text in the subject line. A sender display name that is not an exact match for Discord triggers a similarity check using a Levenshtein distance metric, so close but incorrect display names are still caught. The rule also inspects sender domains for lookalikes of 'discord' and uses image analysis to detect the Discord logo in both message attachments and screenshots. Importantly, it excludes messages from trusted domains such as 'discord.com' that pass DMARC authentication, which reduces false positives by filtering out legitimate, authenticated senders. Finally, the rule matches common notification phrases typically used in Discord communications, improving its ability to detect phishing attempts.
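To make the indicator logic above concrete, here is an added Python illustration of the same checks run over constructed sample messages. It is not the rule's own code or query language: the Levenshtein threshold, the notification phrase list, the way indicators are combined (a notification-style subject plus at least one impersonation indicator), and the representation of image analysis as a precomputed boolean are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed constants for the example; the real rule's thresholds and phrase
# list are not given on the page.
BRAND = "discord"
MAX_DISTANCE = 1                      # assumed Levenshtein tolerance
TRUSTED_DOMAINS = {"discord.com"}     # the page names discord.com as trusted
NOTIFICATION_PHRASES = (              # constructed sample phrases
    "new message",
    "friend request",
    "verify your account",
    "new login",
)


@dataclass
class Message:
    """Minimal view of an inbound message; fields are constructed for the example."""
    display_name: str
    sender_domain: str
    subject: str
    dmarc_pass: bool
    logo_in_images: bool = False   # assumed output of an upstream image-analysis step


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(value: str) -> bool:
    """True if the value contains the brand or is within MAX_DISTANCE edits of it."""
    value = value.lower().strip()
    return BRAND in value or levenshtein(value, BRAND) <= MAX_DISTANCE


def second_level_label(domain: str) -> str:
    """'disc0rd.example' -> 'disc0rd'; bare labels are returned unchanged."""
    parts = domain.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def evaluate(msg: Message) -> List[str]:
    """Return the matched indicators; an empty list means the message is not flagged."""
    # Exclusion: a trusted domain that passes DMARC is treated as legitimate.
    if msg.sender_domain.lower() in TRUSTED_DOMAINS and msg.dmarc_pass:
        return []
    indicators: List[str] = []
    if looks_like_brand(msg.display_name):
        indicators.append("display_name")
    if looks_like_brand(second_level_label(msg.sender_domain)):
        indicators.append("sender_domain")
    if msg.logo_in_images:
        indicators.append("discord_logo")
    subject = msg.subject.lower()
    if any(phrase in subject for phrase in NOTIFICATION_PHRASES):
        indicators.append("notification_subject")
    return indicators


def is_discord_impersonation(msg: Message) -> bool:
    """Assumed combination: notification-style subject plus any impersonation indicator."""
    found = evaluate(msg)
    impersonation = {"display_name", "sender_domain", "discord_logo"}
    return "notification_subject" in found and bool(impersonation & set(found))


# Constructed sample messages covering the cases the rule distinguishes.
SAMPLES: Dict[str, Message] = {
    "lookalike_name": Message("Dlscord", "mail-notify.example", "You have a new friend request", False),
    "authentic": Message("Discord", "discord.com", "New message from your server", True),
    "spoofed_from": Message("Discord", "discord.com", "New message from your server", False),
    "lookalike_domain_logo": Message("Support", "disc0rd.example", "Verify your account", False, True),
    "unrelated": Message("Alice", "example.org", "Lunch tomorrow?", True),
}


def run_samples() -> Dict[str, bool]:
    """Evaluate every sample and return name -> flagged."""
    return {name: is_discord_impersonation(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:22s} flagged={is_discord_impersonation(msg)!s:5s} indicators={evaluate(msg)}")
```

The "spoofed_from" sample shows why the exclusion is conditioned on DMARC rather than on the domain alone: a message claiming to be from discord.com that fails authentication still goes through the full indicator checks, while the same message with a DMARC pass is dropped as legitimate.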
Categories
- Identity Management
- Cloud
- Web
- Application
Data Sources
- User Account
- Application Log
- Image
Created: 2025-10-25