
Brand impersonation: PNC

Sublime Rules

Summary
This detection rule identifies potential brand impersonation attacks targeting PNC Financial Services. It evaluates incoming email messages against several criteria. First, it checks whether the sender's display name contains 'PNC', the sender's email domain includes 'PNC', or the subject mentions 'PNC', while requiring that the sender's domain is not 'pnc.com' or 'pncbank.com' and has a different top-level domain (TLD). It also applies machine learning to any logos found in screenshots of the message, treating medium- or high-confidence matches as a further indicator of impersonation. The sender's profile is then checked: the sender's message prevalence must be new or outlier, or the sender must have prior messages labelled malicious or spam that were not later cleared as false positives. To limit false positives, the rule exempts highly trusted sender domains that pass DMARC authentication; trusted domains that fail DMARC are still flagged for further examination. Overall, the rule combines computer vision and sender analysis to judge the legitimacy of PNC-related email, with the aim of mitigating credential phishing.
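The following Python is an added illustration of the decision logic described in the summary, run over a few constructed messages; it is not Sublime's rule and does not use Sublime's query language. The `Message` fields `logo_confidence`, `sender_prevalence`, `prior_malicious_or_spam` and `highly_trusted_domain` are assumed stand-ins for signals the platform supplies, treating a textual 'PNC' reference and a logo match as alternative brand signals is an assumption, and `root_domain` is a deliberate simplification that does not handle multi-label public suffixes such as `co.uk`.

```python
"""Added example: a plain-Python sketch of the PNC brand-impersonation checks.
Not Sublime's rule; field names below are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional

# Domains the rule description treats as legitimately PNC's own.
LEGITIMATE_ROOT_DOMAINS = {"pnc.com", "pncbank.com"}


@dataclass
class Message:
    display_name: str
    sender_domain: str               # domain part of the From: address
    subject: str
    logo_confidence: Optional[str]   # "low"/"medium"/"high" from a logo detector (assumed field)
    sender_prevalence: str           # "new", "outlier" or "common" (assumed sender-profile field)
    prior_malicious_or_spam: bool    # earlier messages labelled malicious/spam, false positives excluded
    highly_trusted_domain: bool      # sender domain on the highly-trusted list (assumed field)
    dmarc_pass: bool


def root_domain(domain: str) -> str:
    """Last two DNS labels. Simplification: ignores multi-label suffixes like co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def mentions_pnc(msg: Message) -> bool:
    """Textual brand reference in display name, sender domain or subject."""
    return any("pnc" in s.lower() for s in (msg.display_name, msg.sender_domain, msg.subject))


def logo_detected(msg: Message) -> bool:
    """The logo signal only counts at medium or high confidence."""
    return msg.logo_confidence in ("medium", "high")


def suspicious_sender_profile(msg: Message) -> bool:
    """New or outlier senders, or senders with prior malicious/spam history."""
    return msg.sender_prevalence in ("new", "outlier") or msg.prior_malicious_or_spam


def is_pnc_impersonation(msg: Message) -> bool:
    # Mail from PNC's own domains is never flagged.
    if root_domain(msg.sender_domain) in LEGITIMATE_ROOT_DOMAINS:
        return False
    # Brand signal: textual mention or recognised logo (OR is an assumption here).
    if not (mentions_pnc(msg) or logo_detected(msg)):
        return False
    if not suspicious_sender_profile(msg):
        return False
    # False-positive control: highly trusted domains that pass DMARC are exempt;
    # trusted domains that fail DMARC stay in scope.
    if msg.highly_trusted_domain and msg.dmarc_pass:
        return False
    return True


# Constructed sample messages; domains are placeholders, not real senders.
SAMPLES: Dict[str, Message] = {
    "lookalike_domain": Message("PNC Bank Alerts", "pnc-secure-login.example", "Action required",
                                "high", "new", False, False, True),
    "genuine_pnc": Message("PNC Bank", "alerts.pnc.com", "Your statement is ready",
                           "high", "common", False, False, True),
    "trusted_dmarc_pass": Message("Payroll Team", "trusted-vendor.example", "PNC direct deposit update",
                                  None, "outlier", False, True, True),
    "trusted_dmarc_fail": Message("Payroll Team", "trusted-vendor.example", "PNC direct deposit update",
                                  None, "outlier", False, True, False),
    "known_sender_no_history": Message("Newsletter", "news.example", "Banks including PNC raise rates",
                                       None, "common", False, False, True),
    "logo_only_new_sender": Message("Customer Service", "secure-notify.example", "Verify your account",
                                    "medium", "new", False, False, True),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run every constructed sample through the checks and return name -> verdict."""
    return {name: is_pnc_impersonation(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:28s} flagged={verdict}")
```

The order of the checks mirrors the description: the allow-list of PNC's own domains short-circuits first, then the brand signal, then the sender profile, and the DMARC-plus-trusted-domain exemption is applied last so that a trusted domain failing DMARC is still flagged.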
Categories
  • Identity Management
  • Web
  • Cloud
  • Endpoint
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
  • Process
Created: 2023-11-29