
Summary
This detection rule is designed to identify brand impersonation specifically targeting Saudi Aramco, a major player in the petroleum and natural gas sector. The rule applies multiple detection criteria: it examines the sender's display name, the sender's email domain, and the subject line for variations of 'Aramco'. It leverages Natural Language Understanding (NLU) to classify entities in the communication, looking for financial requests and urgency indicators in the body of the message. Additional checks ensure that the sender's domain is not a legitimate Aramco domain or any trusted domain that has failed DMARC authentication. Moreover, it excludes communications regarding Aston Martin when they relate to Formula One, to avoid false positives arising from that well-established partnership. This holistic approach aims to mitigate the risk of Business Email Compromise (BEC) and fraud by detecting social engineering attempts aimed at individuals or organizations that frequently interact with Aramco.
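The logic summarized above, as an added illustration rather than the rule's own code: the platform's NLU classifiers are stood in for by keyword lists, the domain lists are placeholders (the page does not name them), either a financial request or an urgency indicator is treated as sufficient, and the trusted-domain exemption is applied only while DMARC has not failed, which is how the summary is read here.

```python
import re
from dataclasses import dataclass

# Placeholder lists; the real rule's domain lists are not given on the page.
LEGIT_ARAMCO_DOMAINS = {"aramco.example"}   # placeholder for legitimate Aramco domains
TRUSTED_DOMAINS = {"partner.example"}       # placeholder for high-trust sender domains
# Keyword stand-ins for the rule's NLU financial-request and urgency classifiers.
FINANCIAL_TERMS = ("invoice", "payment", "wire", "bank details", "transfer")
URGENCY_TERMS = ("urgent", "immediately", "asap", "within 24 hours", "today")
# Common lookalike substitutions seen in brand spoofing (e.g. "Aramc0").
LOOKALIKES = str.maketrans({"0": "o", "@": "a", "4": "a", "1": "l", "3": "e"})


@dataclass
class Message:
    """Constructed message record with the fields the rule inspects."""
    display_name: str
    sender_domain: str
    subject: str
    body: str
    dmarc_failed: bool = False


def mentions_aramco(text: str) -> bool:
    """Normalize lookalike characters and separators, then search for 'aramco'."""
    norm = re.sub(r"[^a-z0-9]", "", text.lower().translate(LOOKALIKES))
    return "aramco" in norm


def is_aramco_impersonation(msg: Message) -> bool:
    """Return True when the message satisfies the rule's conditions and no exclusion applies."""
    if not any(mentions_aramco(f) for f in (msg.display_name, msg.sender_domain, msg.subject)):
        return False                       # no brand reference in name, domain or subject
    text = f"{msg.subject}\n{msg.body}".lower()
    financial = any(t in text for t in FINANCIAL_TERMS)
    urgent = any(t in text for t in URGENCY_TERMS)
    if not (financial or urgent):
        return False                       # no social-engineering lure detected
    domain = msg.sender_domain.lower()
    if domain in LEGIT_ARAMCO_DOMAINS or domain.endswith(tuple("." + d for d in LEGIT_ARAMCO_DOMAINS)):
        return False                       # genuine Aramco sender
    if domain in TRUSTED_DOMAINS and not msg.dmarc_failed:
        return False                       # trusted domain whose DMARC has not failed
    # Aston Martin / Formula One partnership traffic is a known benign case.
    if "aston martin" in text and ("formula one" in text or "formula 1" in text or re.search(r"\bf1\b", text)):
        return False
    return True
```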
Categories
- Identity Management
- Application
- Web
Data Sources
- User Account
- Process
- Network Traffic
- Application Log
Created: 2024-03-07