
Issuu Document With Suspicious Embedded Link

Sublime Rules

Summary
This rule aims to detect Issuu documents that potentially harbor malicious embedded links, especially when those documents are configured to open in full-screen mode. Detection analyzes the URLs present in the document for suspicious indicators, focusing on links with questionable top-level domains and on language patterns associated with credential phishing. The logic first validates that the document originates from `issuu.com` and carries the specific query parameters that trigger full-screen mode. It then scrutinizes the embedded links: it requires that the document contain only a limited number of links, checks their domains against known suspicious top-level domains and free subdomain providers, and identifies any link flagged as phishing by machine learning link analysis. Additionally, the rule examines the document's textual content using Natural Language Understanding (NLU), classifying the language used in order to detect signs of credential theft. Finally, the rule evaluates the sender email profile to ensure that no previously benign messages from the sender have been recorded, thereby improving detection accuracy.
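The following is an added illustration of the detection flow described above, written for this page; it is not Sublime's rule code and it implements only the static checks. The full-screen query parameter (`mode`), the suspicious-TLD and free-subdomain lists, the link-count threshold, and the keyword stand-in for the NLU classifier are all assumptions, and the sample document is constructed. The ML link analysis is omitted; a link is treated as suspicious on TLD or free-subdomain grounds alone, and any indicator flags the message unless the sender has a benign history.

```python
import re
from urllib.parse import urlparse, parse_qs

# --- Assumptions (none of these values come from the page) ----------------
# Query parameters taken to mean "open in full-screen mode"; hypothetical.
FULLSCREEN_PARAMS = {"mode": {"window", "fullscreen"}}
# Constructed sample of TLDs treated as questionable.
SUSPICIOUS_TLDS = {"xyz", "top", "icu", "click", "zip"}
# Constructed sample of free-subdomain hosting providers.
FREE_SUBDOMAIN_PROVIDERS = {"weebly.com", "wixsite.com", "github.io", "web.app"}
# "Limited number of links": threshold assumed here.
MAX_LINKS = 5
# Keyword stand-in for the NLU credential-theft classifier the real rule uses.
CRED_THEFT_TERMS = ("password", "verify", "sign in", "account", "suspended", "expired")

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def extract_links(text: str) -> list[str]:
    """Return every http(s) URL found in the document text, in order."""
    return URL_RE.findall(text)


def is_issuu_fullscreen(url: str) -> bool:
    """True when the URL host is issuu.com (or a subdomain of it) and the
    query string carries one of the assumed full-screen parameters."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if host != "issuu.com" and not host.endswith(".issuu.com"):
        return False  # rejects look-alikes such as issuu.com.example
    query = parse_qs(parts.query)
    return any(
        value in FULLSCREEN_PARAMS.get(key, set())
        for key, values in query.items()
        for value in values
    )


def link_reasons(url: str) -> list[str]:
    """Static reasons a single embedded link looks suspicious."""
    host = (urlparse(url).hostname or "").lower()
    reasons = []
    tld = host.rsplit(".", 1)[-1]
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"suspicious tld .{tld} ({host})")
    for provider in FREE_SUBDOMAIN_PROVIDERS:
        if host.endswith("." + provider):
            reasons.append(f"free subdomain on {provider} ({host})")
            break
    return reasons


def looks_like_credential_theft(text: str) -> bool:
    """Crude keyword proxy for the NLU classification: two or more hits."""
    lowered = text.lower()
    return sum(term in lowered for term in CRED_THEFT_TERMS) >= 2


def evaluate(document_text: str, issuu_url: str, sender_has_benign_history: bool):
    """Mirror the rule's order of checks: origin + full-screen, link count,
    per-link heuristics, language check, sender profile.
    Returns (flagged, reasons)."""
    reasons = []
    if not is_issuu_fullscreen(issuu_url):
        return False, ["not an issuu.com full-screen document"]
    links = extract_links(document_text)
    if not links or len(links) > MAX_LINKS:
        return False, [f"link count {len(links)} outside expected range"]
    for link in links:
        reasons.extend(link_reasons(link))
    if looks_like_credential_theft(document_text):
        reasons.append("credential-theft language")
    if not reasons:
        return False, ["no suspicious indicators"]
    if sender_has_benign_history:
        return False, ["sender has prior benign messages"] + reasons
    return True, reasons


# Constructed sample input; not a real Issuu document or URL.
SAMPLE_DOC = (
    "Your account has expired. Verify your password within 24 hours:\n"
    "https://secure-login.weebly.com/verify\n"
    "Sign in here: https://account-update.xyz/login\n"
)
SAMPLE_URL = "https://issuu.com/acme-docs/docs/invoice_2025?mode=window"

if __name__ == "__main__":
    print(evaluate(SAMPLE_DOC, SAMPLE_URL, sender_has_benign_history=False))
```

Running the block on the constructed sample flags the document with three reasons (a suspicious TLD, a free-subdomain host, and credential-theft language); the same document without the full-screen parameter, or from a sender with benign history, is not flagged. In a real deployment the keyword check would be replaced by the NLU classifier and the link list would additionally be passed to ML link analysis, as the rule summary describes.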
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Process
Created: 2025-05-06