
Spam: Mastercard promotional content with image-based body

Sublime Rules

Summary
This detection rule identifies spam that promotes untrustworthy Mastercard credit cards by analyzing the content of incoming messages. It focuses on messages whose body consists mainly of images, a potential evasion technique commonly used in phishing attacks. The rule looks for financial communications and promotional topics in the visual elements of the email and excludes legitimate correspondence related to Mastercard transactions. To improve accuracy, it assesses the sender's credibility using DMARC authentication results: messages from high-trust domains that pass DMARC checks are disregarded, while those that fail are scrutinized. The detection combines optical character recognition (OCR) and natural language understanding (NLU) for content analysis with header analysis to evaluate the sender's authenticity.
Categories
  • Endpoint
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Network Traffic
  • Image
  • Application Log
Created: 2025-11-06