
Summary
This detection rule targets potential Business Email Compromise (BEC) attempts in which the sender impersonates a VIP and makes an urgent request. It evaluates messages from untrusted senders whose display name matches that of an individual on the organization's VIP list, and runs machine learning classifiers over the message body looking for intents associated with BEC and with urgency. To reduce false positives it applies sender profile analysis, so that only senders that are not commonly seen by the organization and that do not already carry a spam reputation are considered. It also excludes internally generated SharePoint notifications and messages from trusted sender domains; the trusted-domain exclusion applies only when the message passes DMARC authentication, since a trusted domain that fails DMARC is the spoofing case the rule is meant to catch, not a reason to suppress the alert. The rule is classified as high severity, reflecting the risk posed by the impersonation and social engineering tactics it is designed to identify.
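The following Python model walks through the rule's logic on a handful of constructed messages. It is an added illustration, not the rule's own query language or the vendor's implementation: the Message fields, the VIP list, the trusted-domain list, the classifier intent labels ("bec", "urgent_request") and the sender-profile values are all assumptions made for the example. It shows the ordering of exclusions and positive conditions, display-name normalization so that "Doe, Jane" still matches "Jane Doe", and the DMARC caveat (a trusted domain is excluded only when DMARC passes).

```python
import re
from dataclasses import dataclass

# Constructed for this example: the organization's VIPs and the sender
# domains it trusts. In a real deployment these come from managed lists.
VIP_NAMES = {"Jane Doe", "Sam Patel"}
TRUSTED_SENDER_DOMAINS = {"example.com", "payroll-partner.example"}


@dataclass
class Message:
    """Minimal view of an email plus the enrichment the rule needs.
    body_intents stands in for the ML classifier output; sender_prevalence
    and sender_spam_reputation stand in for sender-profile analysis.
    All field names are assumptions for this example."""
    display_name: str
    sender_email: str
    body_intents: frozenset
    dmarc_pass: bool
    sender_prevalence: str                  # "new", "uncommon" or "common"
    sender_spam_reputation: bool = False
    internal_sharepoint_notification: bool = False


def normalize_name(name: str) -> str:
    # Case-fold, drop punctuation and compare as a sorted bag of tokens so
    # "DOE, Jane" and "jane  doe" both normalize to "doe jane".
    tokens = re.sub(r"[^\w\s]", " ", name.casefold()).split()
    return " ".join(sorted(tokens))


def display_name_matches_vip(display_name: str, vips) -> bool:
    target = normalize_name(display_name)
    return any(normalize_name(v) == target for v in vips)


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].casefold()


def evaluate(msg: Message, vips=VIP_NAMES, trusted=TRUSTED_SENDER_DOMAINS):
    """Return (matched, reason). Exclusions first, then positive conditions."""
    domain = sender_domain(msg.sender_email)
    # Exclusion: trusted sender domain, but only when DMARC passes. A trusted
    # domain that fails DMARC is the spoofing case and is still evaluated.
    if domain in trusted and msg.dmarc_pass:
        return False, "trusted sender domain with DMARC pass"
    if msg.internal_sharepoint_notification:
        return False, "internally generated SharePoint notification"
    if not display_name_matches_vip(msg.display_name, vips):
        return False, "display name is not a VIP"
    # Reading of "intents related to BEC and urgency": require both labels.
    if not {"bec", "urgent_request"} <= msg.body_intents:
        return False, "classifier did not flag both BEC and urgency intent"
    # Sender profile analysis: common senders and known spam sources are
    # left to other controls to keep this rule's false-positive rate low.
    if msg.sender_prevalence == "common":
        return False, "sender is commonly seen by the organization"
    if msg.sender_spam_reputation:
        return False, "sender already has a spam reputation"
    return True, "untrusted sender impersonating VIP display name with urgent BEC request"


# Constructed sample messages covering the alert cases and each exclusion.
SAMPLE_MESSAGES = {
    "lookalike_freemail": Message("Jane Doe", "jane.doe.ceo@freemail.example",
                                  frozenset({"bec", "urgent_request"}), True, "new"),
    "spoofed_org_domain": Message("Doe, Jane", "jane.doe@example.com",
                                  frozenset({"bec", "urgent_request"}), False, "new"),
    "legit_internal": Message("Jane Doe", "jane.doe@example.com",
                              frozenset({"bec", "urgent_request"}), True, "common"),
    "known_vendor_urgent": Message("Sam Patel", "sam@known-vendor.example",
                                   frozenset({"bec", "urgent_request"}), True, "common"),
    "vip_name_no_urgency": Message("Sam Patel", "sam.patel@freemail.example",
                                   frozenset({"bec"}), True, "new"),
    "sharepoint_notice": Message("Jane Doe", "no-reply@sharepointonline.example",
                                 frozenset({"bec", "urgent_request"}), True, "uncommon",
                                 internal_sharepoint_notification=True),
}


def run_samples() -> dict:
    """Map each sample name to whether the rule would alert on it."""
    return {name: evaluate(msg)[0] for name, msg in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        matched, reason = evaluate(msg)
        print(f"{name:22} {'ALERT ' if matched else 'ignore'}  {reason}")
```

Note that the spoofed_org_domain sample alerts even though its domain is on the trusted list, because DMARC failed; the legit_internal sample from the same domain is suppressed only because DMARC passed. If the exclusion were written the other way round, the spoof would be the one suppressed.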
Categories
- Identity Management
- Endpoint
- Cloud
- Application
- Web
Data Sources
- User Account
- Application Log
- Network Traffic
- Process
- File
Created: 2023-02-19