Service abuse: Calendly callback scam detection

Sublime Rules

Summary
This rule detects potential callback phishing abuse in Calendly notification emails. It triggers on inbound messages where the sender is Calendly's no-reply address (no-reply@calendly.com) and the message body (body.current_thread.text) is analyzed by an ML natural language understanding classifier. If the classifier returns an intent named 'callback_scam' with a confidence level above 'low' (i.e., medium or high), the rule fires. The detection targets social engineering attempts that impersonate the Calendly brand to prompt a callback, aligning with callback phishing tactics. Detection methods used include Natural Language Understanding and sender analysis. The rule requires access to the inbound message content, thread context, and a trained NLU model to assign confidence to intents.
Categories
  • Endpoint
  • Application
Data Sources
  • Process
Created: 2026-05-22