
Link: Credential theft with invisible Unicode character in page title from unsolicited sender
Sublime Rules
Summary
This detection rule identifies phishing attempts that use invisible Unicode characters in the title tags of the linked pages to mask fraudulent pages. The rule targets inbound messages directed at only one recipient with a valid email domain and containing between one and fourteen links. It also requires the current email thread to be under 11,000 characters in length, which keeps the analysis within a reasonable threshold. By scanning the linked page titles for specific Unicode characters indicative of malicious intent and confirming that the sender is unsolicited, the rule aims to uncover credential theft attempts embedded in the message. It leverages detection methods such as Natural Language Understanding and several forms of content and URL analysis to improve robustness against evasion tactics commonly used in social engineering attacks. The severity is classified as high because of the potential for significant user data compromise if such phishing tactics succeed.
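The conditions summarised above, as an added Python sketch that is not the Sublime rule itself (Sublime rules are written in its own query language). It assumes a hypothetical message record whose links have already been fetched, and, since the page does not list the rule's exact character set, it treats every Unicode "Cf" (format) code point as invisible.

```python
import re
import unicodedata

# Assumption: the rule's exact character list is not on the page, so every
# Unicode category "Cf" (format) code point counts as invisible. That class
# covers ZERO WIDTH SPACE (U+200B), ZERO WIDTH JOINER (U+200D),
# WORD JOINER (U+2060), SOFT HYPHEN (U+00AD) and the BOM (U+FEFF).
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

def invisible_chars(text):
    """Return the sorted set of invisible (category Cf) code points in text."""
    return sorted({f"U+{ord(c):04X}" for c in text if unicodedata.category(c) == "Cf"})

def page_title(html):
    """Extract the <title> text from fetched page HTML ('' if absent)."""
    m = TITLE_RE.search(html)
    return m.group(1).strip() if m else ""

def valid_email_domain(addr):
    """Minimal sanity check: a local part, one '@', and a dotted domain."""
    return bool(re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s.]+", addr))

def evaluate(msg):
    """Apply the rule's conditions to a pre-fetched message record.

    Hypothetical schema: 'inbound', 'recipients', 'thread_text',
    'sender_solicited', 'link_pages' (HTML bodies the links resolve to).
    """
    suspicious = {i: invisible_chars(page_title(h))
                  for i, h in enumerate(msg["link_pages"])}
    suspicious = {i: hits for i, hits in suspicious.items() if hits}
    conditions = {
        "inbound": msg["inbound"],
        "single_valid_recipient": len(msg["recipients"]) == 1
                                  and valid_email_domain(msg["recipients"][0]),
        "link_count_1_to_14": 1 <= len(msg["link_pages"]) <= 14,
        "thread_under_11000": len(msg["thread_text"]) < 11000,
        "unsolicited_sender": not msg["sender_solicited"],
        "invisible_char_in_title": bool(suspicious),
    }
    return {"match": all(conditions.values()), "conditions": conditions,
            "suspicious_links": suspicious}

# Constructed sample: the landing page title hides a zero-width space inside
# the brand name, so "Micro\u200bsoft" renders as "Microsoft" in a browser tab.
SAMPLE = {
    "inbound": True,
    "recipients": ["user@example.com"],
    "thread_text": "Your mailbox is almost full. Sign in to keep receiving mail.",
    "sender_solicited": False,
    "link_pages": ["<html><head><title>Micro\u200bsoft Sign in</title></head></html>"],
}
```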
Categories
- Endpoint
- Web
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
- Application Log
Created: 2026-02-14