
Summary
This detection rule identifies email messages in which the sender and the recipient share the same email address, a common tactic in social engineering and credential-phishing attacks. Specifically, it targets messages carrying a PDF attachment with minimal content, notably the text 'VIEW PDF', together with a message body that prompts the recipient to view the attachment. This pattern is indicative of phishing attempts or unwanted malware delivery designed to evade traditional detection methods. The rule combines several checks: verifying the sender's address, confirming there is a single recipient, and analyzing the content of both the email body and the attachments. It also includes a logical structure that filters and evaluates attachments so that potential threats are detected effectively. Given its medium severity, organizations should deploy this rule to strengthen their email security posture against emerging phishing and malware threats.
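The checks described above, as an added example that is not the rule's own code: it models the sender-equals-recipient, single-recipient, body-prompt and minimal-'VIEW PDF'-attachment conditions in Python over constructed sample messages. The PDF text extractor is a deliberately crude assumption (it only reads literal strings followed by a `Tj` operator in uncompressed content streams), the regular expressions and the 40-character "minimal content" threshold are assumptions chosen for illustration, and the sample PDF and messages are constructed inline.

```python
import email.utils
import re
from email.message import EmailMessage

# Assumption: a body that asks the reader to view/open the attached document.
VIEW_PROMPT = re.compile(
    r"\b(view|open|see)\b.*\b(attached|attachment|pdf|document)\b", re.I | re.S
)
# Assumption: literal strings drawn with the Tj operator in an uncompressed PDF stream.
PDF_TEXT_RE = re.compile(rb"\(([^()]*)\)\s*Tj")
# Assumption: a PDF whose visible text is this short counts as "minimal content".
MAX_PDF_TEXT_CHARS = 40

# Constructed sample: a minimal uncompressed PDF whose only text is "VIEW PDF".
PDF_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"4 0 obj << /Length 44 >> stream\n"
    b"BT /F1 24 Tf 100 700 Td (VIEW PDF) Tj ET\n"
    b"endstream endobj\n%%EOF\n"
)


def extract_pdf_text(data: bytes) -> str:
    """Crude text extraction: concatenates every (literal) Tj string found."""
    return " ".join(m.group(1).decode("latin-1") for m in PDF_TEXT_RE.finditer(data)).strip()


def evaluate(msg: EmailMessage) -> dict:
    """Apply the rule's checks to one parsed message and report each result."""
    sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr.lower() for _, addr in email.utils.getaddresses(headers) if addr]

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body_text = body_part.get_content() if body_part else ""

    # Keep only PDF attachments whose extracted text is minimal and says VIEW PDF.
    suspicious_pdfs = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/pdf":
            continue
        text = extract_pdf_text(part.get_payload(decode=True) or b"")
        if len(text) <= MAX_PDF_TEXT_CHARS and "VIEW PDF" in text.upper():
            suspicious_pdfs.append(part.get_filename() or "<unnamed>")

    checks = {
        "sender_is_recipient": bool(sender) and sender in recipients,
        "single_recipient": len(recipients) == 1,
        "body_prompts_view": bool(VIEW_PROMPT.search(body_text)),
        "minimal_view_pdf_attachment": bool(suspicious_pdfs),
    }
    return {"checks": checks, "match": all(checks.values()), "attachments": suspicious_pdfs}


def build_message(sender: str, recipients: list, body: str, pdf: bytes = PDF_SAMPLE) -> EmailMessage:
    """Construct a sample message (not a real capture) with an optional PDF attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Document"
    msg.set_content(body)
    if pdf:
        msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="document.pdf")
    return msg


def build_suspicious() -> EmailMessage:
    # Self-addressed, single recipient, body asks to view the attached PDF.
    return build_message("user@example.test", ["user@example.test"],
                         "Please view the attached PDF for details.")


def build_benign() -> EmailMessage:
    # Same attachment and prompt, but a normal sender/recipient pair.
    return build_message("alice@example.test", ["bob@example.test"],
                         "Please view the attached PDF for details.")


if __name__ == "__main__":
    for label, sample in (("suspicious", build_suspicious()), ("benign", build_benign())):
        print(label, evaluate(sample))
```

Each check is reported separately so an analyst can see which condition failed on a near-miss (for example, a self-addressed message whose PDF carried substantial text), which is more useful for tuning than a single boolean.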
Categories
- Endpoint
- Cloud
- Web
- Application
- Identity Management
Data Sources
- User Account
- Process
- Application Log
- Network Traffic
- File
Created: 2026-02-12