
Summary
Detects inbound messages that impersonate legitimate discount campaigns and steer recipients to googleapis.com domains. The rule triggers when the inbound thread text contains common discount phishing motifs (e.g., greeting with personal email, wording like 'participation is voluntary', 'limit one discount', 'limited time offer', 'code', 'survey') and also contains either a discount percentage claim or a question. At least one URL in the message must point to a googleapis.com domain. An NLP classifier must additionally label the message with the topic 'Advertising and Promotions' to confirm promotional intent. To reduce false positives on legitimate senders, the detection is negated when the sender's domain is in a high-trust list and DMARC authentication passes. The rule is categorized under BEC/Fraud and aligns with social engineering and potential use of free file hosting. Detection methods include content analysis, HTML analysis, and URL analysis. It supports inbound message pipelines and relies on the message body, link parsing, and DMARC headers. Potential limitations include evasion through non-googleapis URLs, false positives on generic discount language, and alerts on trusted partners who fail DMARC; tune the high-trust list and the DMARC checks to minimize false positives and false negatives.
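The conditions above, combined in Python as an added illustration (this is not the rule's own source). The message field names, the motif threshold, the percentage regex, the reading of "greeting with personal email" and the high-trust list are assumptions, and the NLP topic is taken as a precomputed input.

```python
import re
from urllib.parse import urlsplit

# Motif phrases quoted in the summary; the threshold is an assumption.
MOTIFS = ("participation is voluntary", "limit one discount",
          "limited time offer", "code", "survey")
MIN_MOTIFS = 2                                     # assumption, not from the rule
PERCENT_CLAIM = re.compile(r"\b\d{1,3}\s?%")       # assumption: "50%"-style claim
HIGH_TRUST_DOMAINS = {"trusted-retailer.example"}  # constructed placeholder list

def is_googleapis(url: str) -> bool:
    """Compare the parsed hostname, never a substring of the whole URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == "googleapis.com" or host.endswith(".googleapis.com")

def evaluate(msg: dict) -> bool:
    """Return True when the message meets every condition in the summary."""
    text = msg["body_text"].lower()
    motifs = sum(1 for m in MOTIFS if m in text)
    # Assumption: "greeting with personal email" = recipient address in the body.
    if msg["recipient"].lower() in text:
        motifs += 1
    if motifs < MIN_MOTIFS:
        return False
    if not (PERCENT_CLAIM.search(text) or "?" in text):
        return False
    if not any(is_googleapis(u) for u in msg["links"]):
        return False
    if "Advertising and Promotions" not in msg["topics"]:
        return False
    # Negation: high-trust sender domain AND a DMARC pass, both required.
    if msg["sender_domain"].lower() in HIGH_TRUST_DOMAINS and msg["dmarc_pass"]:
        return False
    return True

# Constructed sample message (not real traffic).
SAMPLE = {
    "recipient": "user@corp.example",
    "body_text": "Hi user@corp.example, take our short survey for 50% off. "
                 "Limited time offer, limit one discount per person.",
    "links": ["https://storage.googleapis.com/constructed-bucket/offer.html"],
    "topics": ["Advertising and Promotions"],
    "sender_domain": "promo-mail.example",
    "dmarc_pass": False,
}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Matching on the parsed hostname keeps lookalike hosts and URLs that only mention googleapis.com in a path or query string from satisfying the link condition.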
Categories
- Web
- Application
Data Sources
- Application Log
- Domain Name
Created: 2026-06-17