
Service abuse: Recruiting with suspicious language patterns from legitimate platforms

Sublime Rules

Summary
This detection rule identifies suspicious recruiting messages that arrive through trusted platforms such as Salesforce, LADesk, or AWS Apps. It targets inbound messages whose characteristics indicate possible social engineering. The rule checks for unusually long sender email addresses (50 characters or more) and uses natural language understanding to categorize the message content. It flags communications containing recruiting language patterns commonly used in fraudulent outreach, such as references to talent acquisition or phrases signaling interest in the recipient's professional profile. The rule also distinguishes genuine recruiting attempts from spam or reminder notifications by using the confidence levels associated with the detected topics. This allows potentially harmful communications to be filtered out of traffic from otherwise legitimate services, strengthening defenses against business email compromise (BEC) and related fraud.
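The following Python stand-in, added here as an illustration and not the Sublime rule itself, models the logic the summary describes: an inbound message sent through a monitored platform, an unusually long sender address, and recruiting-themed content whose topic confidence outweighs any notification or reminder signal. The platform domain list, the keyword lists used in place of Sublime's NLU topic classifier, and the three sample messages are all constructed assumptions; the real rule's query and its confidence thresholds are not reproduced on this page.

```python
"""Illustrative approximation of the "recruiting via legitimate platform" rule.

Assumptions (not from the rule): the platform domains below, the keyword
phrases standing in for an NLU topic classifier, and the sample messages.
"""
from dataclasses import dataclass

# Assumed set of legitimate platforms whose mail this rule watches.
TRUSTED_PLATFORM_DOMAINS = {"salesforce.com", "ladesk.com", "awsapps.com"}
LONG_SENDER_THRESHOLD = 50  # characters, as stated in the rule summary

# Keyword stand-ins for the NLU "recruiting" and "notification" topics.
RECRUITING_PHRASES = (
    "talent acquisition", "your profile", "job opportunity",
    "hiring", "open position", "resume", "recruiter",
)
NOTIFICATION_PHRASES = (
    "reminder", "case update", "ticket", "password reset", "unsubscribe",
)
CONFIDENCE_LEVELS = ("none", "low", "medium", "high")


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    inbound: bool = True


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_monitored_platform(domain: str) -> bool:
    # Accept the platform domain itself or any subdomain of it.
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_PLATFORM_DOMAINS)


def topic_confidence(text: str, phrases) -> str:
    # Crude substitute for NLU: more distinct phrase hits -> higher confidence.
    hits = sum(1 for p in phrases if p in text.lower())
    return CONFIDENCE_LEVELS[min(hits, 3)]


def classify(message: Message) -> dict:
    text = f"{message.subject}\n{message.body}"
    return {
        "recruiting": topic_confidence(text, RECRUITING_PHRASES),
        "notification": topic_confidence(text, NOTIFICATION_PHRASES),
    }


def evaluate(message: Message) -> dict:
    """Return {"match": bool, "reasons": [...]} mirroring the rule's conditions."""
    reasons = []
    if not message.inbound:
        return {"match": False, "reasons": ["not inbound"]}
    domain = sender_domain(message.sender)
    if not is_monitored_platform(domain):
        return {"match": False, "reasons": [f"sender domain {domain!r} is not a monitored platform"]}
    reasons.append(f"sent via monitored platform {domain}")
    if len(message.sender) < LONG_SENDER_THRESHOLD:
        return {"match": False, "reasons": reasons + ["sender address below length threshold"]}
    reasons.append(f"sender address is {len(message.sender)} characters")
    topics = classify(message)
    rec = CONFIDENCE_LEVELS.index(topics["recruiting"])
    noti = CONFIDENCE_LEVELS.index(topics["notification"])
    if rec < CONFIDENCE_LEVELS.index("medium"):
        return {"match": False, "reasons": reasons + ["no confident recruiting language"]}
    if noti >= rec:
        # Reminder/spam-style notifications outrank the recruiting signal.
        return {"match": False, "reasons": reasons + ["reads as a notification, not outreach"]}
    reasons.append(f"recruiting topic confidence {topics['recruiting']}")
    return {"match": True, "reasons": reasons, "topics": topics}


# Constructed sample messages (not real traffic).
SAMPLES = [
    Message(
        sender="noreply+campaign-7f3a9c2e1b4d5a6f7e8d9c0b1a2b3c4d@em.salesforce.com",
        subject="Exciting opportunity",
        body="Our talent acquisition team noticed your profile. We have an open "
             "position that fits you well. Please reply with your resume.",
    ),
    Message(
        sender="support+case-00123456-notifications-do-not-reply@mail.ladesk.com",
        subject="Case update",
        body="Reminder: your profile and resume upload ticket has a case update. "
             "Unsubscribe here if you no longer want these emails.",
    ),
    Message(
        sender="recruiting@salesforce.com",
        subject="Hiring",
        body="Our recruiter saw your profile and has a job opportunity for you.",
    ),
]


def run(samples=SAMPLES) -> list:
    return [(m.sender, evaluate(m)["match"]) for m in samples]


if __name__ == "__main__":
    for m in SAMPLES:
        print(m.sender, evaluate(m))
```

The first sample matches (monitored platform, 67-character sender, high recruiting confidence, no notification signal); the second is suppressed because its notification confidence outranks the recruiting signal; the third is suppressed by the sender-length check alone.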
Categories
  • Web
  • Cloud
  • Application
  • Identity Management
Data Sources
  • User Account
  • Process
  • Application Log
Created: 2025-10-08