
Summary
This detection rule identifies potentially fraudulent messages whose attachments reference known fake identities associated with FC Barcelona scams: a fake lawyer named Michael Gerardus Hermanus Demon and sports agents with the surname Giuffrida. The rule analyzes inbound messages that contain exactly one attachment. It parses the attachment's EXIF metadata to determine the creator of the document, performs Optical Character Recognition (OCR) on the attachment text, and examines the message body for specific terms related to these fake identities. The high severity rating reflects the significant threat level of such scams, which often involve Business Email Compromise (BEC) and social engineering tactics.
Categories
- Web
- Cloud
- Infrastructure
Data Sources
- File
- Image
- Logon Session
Created: 2026-01-27