Fake request for tax preparation

Sublime Rules

Summary
This detection rule identifies potentially fraudulent emails that ask for help with tax preparation, a lure associated with the threat actor TA576. It fires on an inbound message from an unknown sender that requests tax services and matches patterns indicating suspicious intent. Key indicators include the absence of links or attachments, tax-preparation terms in the subject and body, and anomalies in the email headers: the sender's domain does not match any known organizational domain, and the sender's profile shows that the organization never solicited the communication. The rule also looks for social-engineering tactics in the message text, such as excessive urgency or requests for personal information. Overall it combines natural language analysis, content filtering, and sender-profile evaluation to score the risk of the message and flag it for further investigation.
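To make the indicators above concrete, here is an added example that re-implements them as plain heuristics over raw RFC 822 messages. It is not Sublime's rule or its query language: the organizational domains, the set of previously solicited senders, the keyword lists, the "at least one social-engineering signal" requirement and the three sample messages are all constructed for illustration.

```python
"""Toy approximation of the 'fake request for tax preparation' heuristics.

Added example, not Sublime's rule. Domains, solicited senders, keyword lists
and the sample messages below are constructed for illustration only.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}                      # constructed: our own mail domains
SOLICITED_SENDERS = {"ap@vendor-example.net"}      # constructed: addresses we have mailed before

# Keyword lists stand in for the rule's natural-language classifiers.
TAX_TERMS = re.compile(r"\b(tax(es)?|tax (return|prep(aration)?)|w-?2|1099|cpa|irs|filing)\b", re.I)
URGENCY_TERMS = re.compile(r"\b(urgent(ly)?|asap|immediately|deadline|right away)\b", re.I)
PII_REQUEST_TERMS = re.compile(
    r"\b(ssn|social security( number)?|bank (account|details)|date of birth|driver'?s licen[sc]e)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def evaluate(raw: str) -> dict:
    """Parse one raw message and return the indicator table plus a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    attachments = sum(1 for _ in msg.iter_attachments())
    text = f"{msg.get('Subject', '')}\n{body}"

    indicators = {
        "inbound_external": sender_domain not in ORG_DOMAINS,      # sender domain is not ours
        "unsolicited_sender": sender not in SOLICITED_SENDERS,      # no prior outbound contact
        "no_links_or_attachments": attachments == 0 and not URL_RE.search(body),
        "tax_language": bool(TAX_TERMS.search(text)),
        "urgency": bool(URGENCY_TERMS.search(text)),
        "pii_request": bool(PII_REQUEST_TERMS.search(text)),
    }
    required = ("inbound_external", "unsolicited_sender", "no_links_or_attachments", "tax_language")
    # Assumption for this example: all structural indicators must hold, plus at
    # least one social-engineering signal (urgency or a request for personal data).
    flagged = all(indicators[k] for k in required) and (indicators["urgency"] or indicators["pii_request"])
    return {"sender": sender, "flagged": flagged, "indicators": indicators}


# Constructed sample: external, unsolicited, no links, tax lure with urgency and a PII offer.
SAMPLE_LURE = """\
From: "Dana Whitfield" <dana.whitfield@mail-example.org>
To: accounting@example.com
Subject: Need help with my tax return - urgent
Content-Type: text/plain; charset="utf-8"

Hello,

I was referred to your firm for tax preparation. I need my return filed
before the deadline and can send my W-2 and SSN right away. Are you
taking new clients?
"""

# Constructed sample: known vendor, carries a link and an attachment, no tax lure.
SAMPLE_BENIGN = """\
From: "Accounts Payable" <ap@vendor-example.net>
To: accounting@example.com
Subject: Q1 invoice attached
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hi, the Q1 invoice is attached; the portal link is https://portal.vendor-example.net/inv/1042

--b1
Content-Type: application/pdf; name="invoice-q1.pdf"
Content-Disposition: attachment; filename="invoice-q1.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: tax terms and urgency, but internal, so the domain check clears it.
SAMPLE_INTERNAL = """\
From: "HR" <hr@example.com>
To: all-staff@example.com
Subject: W-2 forms ready, please file your taxes before the deadline
Content-Type: text/plain; charset="utf-8"

Your W-2 is available in the HR portal. Contact payroll with questions.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN), ("internal", SAMPLE_INTERNAL)):
        result = evaluate(raw)
        hits = [k for k, v in result["indicators"].items() if v]
        print(f"{name:9s} flagged={result['flagged']} sender={result['sender']} hits={hits}")
```

Only the lure is flagged: the vendor message fails the unsolicited-sender and no-links checks, and the HR reminder fails the external-sender check even though its wording trips the tax and urgency matchers. That is the point of the header and profile conditions in the summary: tax vocabulary alone is far too common in a finance inbox to act on.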
Categories
  • Endpoint
  • Cloud
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2024-03-27