Brand Impersonation: Vanguard

Sublime Rules

Summary
The detection rule titled 'Brand Impersonation: Vanguard' is designed to identify phishing and fraud attempts in which attackers impersonate the Vanguard brand. It evaluates incoming messages by checking the sender's display name and email domain for patterns that are misleadingly similar to 'Vanguard'. The rule uses string-similarity techniques, such as case-insensitive substring checks and Levenshtein distance comparison, to decide whether the display name or email domain contains the brand's name or a near miss of it. It also applies machine learning to the message content and any associated screenshots, looking for high-confidence indications of topics typically associated with security, authentication or financial communications. To avoid flagging legitimate mail, the rule excludes sender domains that belong to known Vanguard addresses or trusted organizational domains, combined with a check that the message passes DMARC authentication. Finally, it assesses whether the communication was solicited, so that a legitimate request initiated by the recipient is not flagged.
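The sequence of checks described above, as an added Python sketch that is not the rule's own source and does not use Sublime's query language. The allowlisted sender domain is a constructed placeholder (the page does not list the brand's real sending domains), and the DMARC result, the machine-learning topic flag and the solicitation flag are stand-ins for values the real rule derives from message headers and its content classifiers; the sample messages are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

BRAND = "vanguard"

# Constructed allowlist: placeholder domain standing in for the brand's real
# sending domains, which this page does not enumerate.
LEGITIMATE_SENDER_DOMAINS = {"vanguard.example"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    if len(a) < len(b):
        a, b = b, a
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                # deletion
                current[j - 1] + 1,             # insertion
                previous[j - 1] + (ca != cb),   # substitution
            ))
        previous = current
    return previous[-1]


def mentions_brand(text: str, brand: str = BRAND, max_distance: int = 1) -> bool:
    """Case-insensitive substring check first, then a per-token Levenshtein
    comparison so that near misses such as a dropped letter are also caught."""
    lowered = text.lower()
    if brand in lowered:
        return True
    for token in re.split(r"[^a-z0-9]+", lowered):
        if token and levenshtein(token, brand) <= max_distance:
            return True
    return False


@dataclass
class Message:
    display_name: str
    sender_domain: str
    dmarc_pass: bool            # stand-in for the authentication result in the headers
    high_confidence_topic: bool  # stand-in for the ML classifier's verdict on body/screenshots
    solicited: bool             # stand-in for "recipient initiated this exchange"


def is_brand_impersonation(msg: Message) -> bool:
    """Mirror the rule's logic: brand reference, risky topic, no trusted-sender
    exclusion, and not a solicited message."""
    brand_referenced = mentions_brand(msg.display_name) or mentions_brand(msg.sender_domain)
    if not brand_referenced:
        return False
    if not msg.high_confidence_topic:
        return False
    # Trusted domain only suppresses the alert when DMARC confirms it was not spoofed.
    if msg.sender_domain in LEGITIMATE_SENDER_DOMAINS and msg.dmarc_pass:
        return False
    if msg.solicited:
        return False
    return True


# Constructed sample messages covering each branch of the logic.
SAMPLE_MESSAGES = [
    Message("Vanguad Support", "notify.lookalike.example", False, True, False),            # near-miss name
    Message("Vanguard", "vanguard.example", True, True, False),                            # trusted + DMARC pass
    Message("Vanguard", "vanguard.example", False, True, False),                           # trusted domain, DMARC fail
    Message("Vanguard Client Services", "alerts.lookalike.example", False, False, False),  # no risky topic
    Message("Vanguard Client Services", "alerts.lookalike.example", False, True, True),    # solicited
    Message("Your Bank Team", "bank.example", True, True, False),                          # no brand reference
]


def evaluate_samples() -> list[bool]:
    return [is_brand_impersonation(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, evaluate_samples()):
        print(f"{verdict!s:5}  {msg.display_name!r} <{msg.sender_domain}>")
```

Only the first and third samples are flagged: the third shows why the allowlist is paired with DMARC, since a message claiming the trusted domain without passing authentication is exactly the spoof the rule is meant to catch.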
Categories
  • Cloud
  • Endpoint
  • Identity Management
  • Other
Data Sources
  • User Account
  • Web Credential
  • Process
  • Network Traffic
  • Application Log
Created: 2025-03-31