
Summary
Detects scam content impersonating employer review/rating platforms (e.g., Glassdoor, Indeed, Comparably, Great Place to Work) that solicits the recipient to review or rate their employer. The rule analyzes inbound messages for three signal groups: (1) deception intent, indicated by the ML/NLU intents cred_theft or job_scam with non-low confidence; (2) explicit review solicitation phrases in the body and subject that reference employer/workplace/job reviews, ratings, feedback, or platform names; and (3) credential harvesting or monetary incentive cues (requests for passwords or credentials; gift cards or cash rewards). It flags messages that attempt credential collection or monetary inducements, while excluding legitimate senders by checking sender domains against a trusted-domain list and requiring a non-failing DMARC reading for those domains. The detected attack types are BEC/Fraud and Credential Phishing, with tactics including social engineering and brand impersonation. Detection methods include content analysis, natural language understanding, header analysis, and sender analysis. This rule helps reduce phishing that abuses employer review brand names while maintaining a low false-positive rate by excluding trusted contacts.
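The sketch below is an added example, not the rule's own source: it shows how the three signal groups and the trusted-sender exclusion described above could be evaluated over parsed messages. The message fields, phrase patterns, trusted-domain list, and the choice to require all three groups are assumptions made for illustration.

```python
import re

# Assumed values: the rule's real lists, phrases and thresholds are not on the page.
TRUSTED_DOMAINS = {"glassdoor.com", "indeed.com", "comparably.com"}
DECEPTIVE_INTENTS = {"cred_theft", "job_scam"}
REVIEW_RE = re.compile(
    r"\b(review|rate|rating|feedback)\b.{0,40}\b(employer|workplace|job)\b"
    r"|\b(glassdoor|indeed|comparably|great place to work)\b", re.I | re.S)
LURE_RE = re.compile(r"\b(password|credentials?|gift ?cards?|cash rewards?)\b", re.I)


def sender_is_trusted(msg):
    """Exclusion: sender domain is on the trusted list and DMARC did not fail."""
    domain = msg["from"].rsplit("@", 1)[-1].lower()
    return domain in TRUSTED_DOMAINS and msg["dmarc"] != "fail"


def evaluate(msg):
    """Return (matched, signals) for one parsed inbound message."""
    text = msg["subject"] + "\n" + msg["body"]
    signals = {
        "intent": any(i["name"] in DECEPTIVE_INTENTS and i["confidence"] != "low"
                      for i in msg["intents"]),
        "review_solicitation": bool(REVIEW_RE.search(text)),
        "cred_or_incentive": bool(LURE_RE.search(text)),
    }
    # Assumption: all three groups must fire; a trusted sender suppresses the match.
    return all(signals.values()) and not sender_is_trusted(msg), signals


# Constructed sample messages (not real mail).
LURE = {"subject": "Rate your employer on Glassdoor",
        "body": "Post a workplace review to claim a $50 gift card. "
                "Confirm your password to continue.",
        "intents": [{"name": "cred_theft", "confidence": "high"}]}
SAMPLES = {
    "lookalike": {**LURE, "from": "reviews@glassdoor-rewards.example", "dmarc": "none"},
    "trusted": {**LURE, "from": "noreply@glassdoor.com", "dmarc": "pass"},
    "spoofed_trusted": {**LURE, "from": "noreply@glassdoor.com", "dmarc": "fail"},
    "low_confidence": {**LURE, "from": "reviews@glassdoor-rewards.example",
                       "dmarc": "none",
                       "intents": [{"name": "job_scam", "confidence": "low"}]},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate(msg))
```

The "spoofed_trusted" sample shows why the exclusion is tied to the DMARC reading: a message that claims a trusted domain but fails DMARC is not excluded and still matches.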
Categories
- Endpoint
Data Sources
- Process
Created: 2026-06-12