
Business Email Compromise (BEC) attempt from untrusted sender (French/Français)
Sublime Rules
Summary
This detection rule targets potential Business Email Compromise (BEC) attempts from untrusted senders, specifically focusing on emails that contain common French language phrases associated with fraudulent activities. It operates by examining inbound emails that come from first-time senders and checking for the presence of specific patterns in both the email subject line and body. The rule incorporates a natural language understanding (NLU) classifier to confirm that the email text is in French, while also employing regex patterns to look for key phrases that are commonly seen in BEC scams, such as references to banking changes or requests for sensitive information. It further enhances its reliability by excluding replies to previous threads and messages from known trusted domains, provided those domains pass Domain-based Message Authentication, Reporting & Conformance (DMARC) checks. This multi-faceted approach helps to minimize false positives while effectively identifying potentially risky communications.
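The conditions described above, as an added Python illustration that is not the Sublime rule itself (the rule is written in Sublime's own query language and its source is not reproduced on this page). The regexes, the stop-word ratio standing in for the NLU language classifier, the message fields and the domain names are assumptions made for the example:

```python
import re
from dataclasses import dataclass

# Constructed sample allow-list of trusted sender domains (hypothetical).
TRUSTED_DOMAINS = {"partner.example"}

# Illustrative regexes for the two themes the rule watches for (assumed, not the rule's own):
# a change of banking details, and a request to hand over sensitive data.
BANK_CHANGE = re.compile(
    r"(changement|modification|mise à jour)\s+(de|du|des)\s+(rib|coordonnées bancaires|compte bancaire)", re.I)
SENSITIVE_REQUEST = re.compile(
    r"(envoyez|transmettez|communiquez)[^.]{0,40}(mot de passe|identifiants|numéro de carte|rib)", re.I)

# Stand-in for the rule's NLU language classifier: a French stop-word ratio (assumption).
FRENCH_STOPWORDS = {"le", "la", "les", "de", "du", "des", "et", "vous", "nous", "pour", "avec", "votre", "vos", "un", "une"}

def looks_french(text: str, threshold: float = 0.15) -> bool:
    words = re.findall(r"[a-zàâçéèêëîïôûùüÿœ']+", text.lower())
    return bool(words) and sum(w in FRENCH_STOPWORDS for w in words) / len(words) >= threshold

@dataclass
class Message:
    sender_domain: str
    subject: str
    body: str
    first_time_sender: bool  # the rule only considers first-time senders
    is_reply: bool           # replies to existing threads are excluded
    dmarc_pass: bool         # the trusted-domain exclusion only applies when DMARC passes

def flag_french_bec(msg: Message, trusted: set = TRUSTED_DOMAINS) -> bool:
    """True when the message meets every condition the rule summary describes."""
    if not msg.first_time_sender or msg.is_reply:
        return False
    if msg.sender_domain.lower() in trusted and msg.dmarc_pass:
        return False  # a trusted domain that fails DMARC is not excluded: it may be spoofed
    text = f"{msg.subject}\n{msg.body}"
    return looks_french(text) and bool(BANK_CHANGE.search(text) or SENSITIVE_REQUEST.search(text))

# Constructed sample messages.
FR_BODY = ("Bonjour, nous vous informons du changement de RIB de notre société. "
           "Merci de mettre à jour vos paiements avec le nouveau compte.")
EN_BODY = "Hi, please update our banking details to the new account."

if __name__ == "__main__":
    print(flag_french_bec(Message("unknown.example", "Changement de RIB", FR_BODY, True, False, False)))  # True
    print(flag_french_bec(Message("partner.example", "Changement de RIB", FR_BODY, True, False, True)))   # False: trusted and DMARC passes
    print(flag_french_bec(Message("partner.example", "Changement de RIB", FR_BODY, True, False, False)))  # True: trusted but DMARC fails
    print(flag_french_bec(Message("unknown.example", "Banking update", EN_BODY, True, False, False)))     # False: not French
```

The third sample is the case worth noting: a trusted domain is only exempted when its DMARC check passes, so a message that merely claims to come from that domain is still evaluated.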
Categories
- Identity Management
- Endpoint
- Web
- Cloud
- Other
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2024-11-14