
Brand Impersonation: Trust Wallet

Sublime Rules

Summary
This detection rule identifies inbound messages that attempt to impersonate Trust Wallet, focusing on false display names and the fraudulent linking strategies often used in credential theft schemes. It normalizes the sender's display name, allowing for common character confusion, and matches the result against known patterns associated with Trust Wallet. It also assesses the message content with a natural language understanding (NLU) model, which identifies potential malicious intents such as credential theft or scams with high confidence scores. Finally, it compares the sender domain against a list of high-trust sender domains, so that even trusted senders are scrutinized if they fail DMARC authentication. This approach helps mitigate risks associated with business email compromise (BEC) and credential phishing attacks targeting users of Trust Wallet.
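The three conditions described in the summary, combined in Python as an added example (this is not the rule's own source). The confusable map, the high-trust domain list, the intent label names and the sample messages are constructed assumptions, and the NLU verdicts are taken as precomputed input.

```python
import unicodedata

# Constructed, deliberately small confusable map; production tables are far larger.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "|": "l",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0456": "i", "\u0455": "s"})
BRAND = "trustwallet"
# Placeholder standing in for the high-trust sender domain list (constructed).
HIGH_TRUST_SENDER_DOMAINS = {"hightrust.example"}
# Assumed label names; the page only says "credential theft or scams".
MALICIOUS_INTENTS = {"credential_theft", "scam"}


def normalize_display_name(name: str) -> str:
    """Fold compatibility forms, case and lookalikes, then drop separators."""
    folded = unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())


def impersonates_brand(msg: dict) -> bool:
    return BRAND in normalize_display_name(msg["display_name"])


def has_malicious_intent(msg: dict) -> bool:
    # NLU output is modelled as precomputed (intent, confidence) pairs.
    return any(name in MALICIOUS_INTENTS and conf == "high"
               for name, conf in msg["intents"])


def sender_is_exempt(msg: dict) -> bool:
    # A high-trust domain is exempt only when DMARC also passed.
    return msg["sender_domain"] in HIGH_TRUST_SENDER_DOMAINS and msg["dmarc_pass"]


def flag(msg: dict) -> bool:
    return (impersonates_brand(msg) and has_malicious_intent(msg)
            and not sender_is_exempt(msg))


def sample(name, domain, dmarc_pass, intents):
    """Build a constructed test message."""
    return {"display_name": name, "sender_domain": domain,
            "dmarc_pass": dmarc_pass, "intents": intents}


if __name__ == "__main__":
    lookalike = sample("Tru\u0455t Wa11et Support", "mail-alerts.example",
                       True, [("credential_theft", "high")])
    print(normalize_display_name(lookalike["display_name"]), flag(lookalike))
```
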
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-02-21