Scam: Piano Giveaway

Sublime Rules

Summary
This detection rule identifies fraudulent emails built around a piano giveaway, a scam that primarily targets educational institutions. It combines content analysis with natural language understanding to inspect the email body for keywords and phrases typical of such scams. The rule checks for links in the email, applies length constraints to the email body, and looks for common indicators of fraud such as mentions of moving or downsizing, references to shipping fees, and free email providers. Attachment content is examined for similar patterns and characteristics. The rule also filters out high-trust domains to reduce false positives, so that only genuinely suspicious emails are flagged for review. When the rule's conditions are met, the system generates an alert that can help prevent financial or reputational damage to the associated institution.
Categories
  • Network
  • Endpoint
  • Web
  • Application
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Application Log
  • Network Traffic
  • Process
Created: 2025-02-03