
Unicode QR Code

Sublime Rules

Summary
The rule titled 'Unicode QR Code' is designed to identify phishing attempts that render a QR code out of visually deceptive Unicode block characters, specifically those in the range U+2580 to U+259F. Arranged over multiple lines, these characters form a QR-code-like grid that a recipient may scan or interact with, leading them to malicious content. The detection engine uses pattern matching on the message content: it counts the instances of these Unicode block characters, assesses how they are laid out, and requires that they meet specified criteria, namely a minimum character count and a threshold number of line breaks. Crucially, the rule also evaluates the sender's reputation based on historical behavior; it flags messages from senders that are not commonly known, or that have a history of sending malicious or spam messages without generating false positives. The overall approach combines content analysis (searching for QR code patterns) with sender analysis to improve the accuracy of detecting phishing attempts that rely on Unicode-based QR codes.
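The following is an added, illustrative Python implementation of the two checks the summary describes; it is not Sublime's rule or its query language. The block-character range (U+2580 to U+259F) comes from the summary; the thresholds `min_blocks=100` and `min_lines=8`, the shape of the `sender_profile` dictionary, and the constructed sample messages are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Unicode "Block Elements" range U+2580..U+259F, the characters used to
# draw a QR-code-like grid in plain text (range taken from the rule summary).
BLOCK_RE = re.compile(r"[\u2580-\u259F]")


@dataclass
class QrScore:
    block_count: int        # total block characters in the body
    lines_with_blocks: int  # how many lines contain at least one block character
    matched: bool           # both thresholds met


def score_unicode_qr(body: str, min_blocks: int = 100, min_lines: int = 8) -> QrScore:
    """Content check: count block characters and the lines they span.

    A genuine QR-style grid needs many block characters spread across many
    lines, so a long single-line run of blocks (e.g. a decorative divider)
    does not satisfy the line-break threshold and is not flagged.
    Thresholds here are assumed placeholders, not the rule's real values.
    """
    block_count = 0
    lines_with_blocks = 0
    for line in body.splitlines():
        n = len(BLOCK_RE.findall(line))
        block_count += n
        if n:
            lines_with_blocks += 1
    matched = block_count >= min_blocks and lines_with_blocks >= min_lines
    return QrScore(block_count, lines_with_blocks, matched)


def sender_is_suspicious(sender_profile: dict) -> bool:
    """Sender check, mirroring the summary: flag senders that are not commonly
    known, or that have prior malicious/spam messages with no false positives.
    The profile keys are an assumed structure for this example."""
    if not sender_profile.get("known", False):
        return True
    bad_history = sender_profile.get("malicious", 0) + sender_profile.get("spam", 0)
    return bad_history > 0 and sender_profile.get("false_positives", 0) == 0


def evaluate_message(body: str, sender_profile: dict) -> bool:
    """Combined verdict: QR-like block grid AND an untrusted sender."""
    return score_unicode_qr(body).matched and sender_is_suspicious(sender_profile)


def build_sample_grid(rows: int = 21, cols: int = 21) -> str:
    """Constructed sample: a 21x21 pattern of block characters that looks like a
    QR code in a monospace mail client. It is NOT a real, scannable QR code."""
    chars = "\u2588\u2580\u2584"  # full block, upper half block, lower half block
    lines = []
    for i in range(rows):
        row = []
        for j in range(cols):
            # every third cell is blank so the grid has visible structure
            row.append(" " if (i + j) % 3 == 0 else chars[(i * j) % 3])
        lines.append("".join(row))
    return "\n".join(lines)


# Constructed inputs for a stand-alone run.
SUSPICIOUS_BODY = "Your parcel is waiting. Scan to reschedule:\n" + build_sample_grid()
BENIGN_BODY = "Hello,\nplease find the agenda for Thursday attached.\nThanks"
DIVIDER_BODY = "Quarterly report\n" + "\u2588" * 200 + "\nSee section 2."

UNKNOWN_SENDER = {"known": False}
TRUSTED_SENDER = {"known": True, "malicious": 0, "spam": 0, "false_positives": 0}
REPEAT_OFFENDER = {"known": True, "malicious": 2, "spam": 0, "false_positives": 0}

if __name__ == "__main__":
    for label, body in [("qr-grid", SUSPICIOUS_BODY), ("benign", BENIGN_BODY), ("divider", DIVIDER_BODY)]:
        print(label, score_unicode_qr(body))
    print("unknown sender + grid:", evaluate_message(SUSPICIOUS_BODY, UNKNOWN_SENDER))
    print("trusted sender + grid:", evaluate_message(SUSPICIOUS_BODY, TRUSTED_SENDER))
```

The single-line divider case is the edge worth keeping in mind: it exceeds the character count but spans one line, so it is not flagged, which is the reason the rule requires a line-break threshold in addition to a raw count.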
Categories
  • Endpoint
  • Web
  • Application
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
  • Process
Created: 2025-02-26