
Summary
This detection rule identifies brand impersonation attacks targeting Meta and its subsidiaries, particularly Facebook and Instagram. It works mainly through email analysis, focusing primarily on the sender's display name and email domain. It checks sender names for specific phrases and for string patterns that closely resemble them, using techniques such as Levenshtein distance to catch minor variations that could indicate a spoofing attempt. Additional layers of detection analyze logos in screenshots and use natural language understanding (NLU) to classify the intent of the message content. Messages sent from known Meta domains bypass detection to reduce false positives, so the rule targets messages that come from suspicious or untrusted senders. Combining keyword matching with statistical analysis improves accuracy in detecting phishing attempts against Meta's brand.
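The display-name and sender-domain checks described above can be sketched as follows. This is an added example, not the rule's own code, and it leaves out the logo and NLU layers. The brand list, the trusted-domain list, the edit-distance limits and the `authenticated` flag are assumptions of the example.

```python
import re
from email.utils import parseaddr

# Assumed values for this example; the rule's real lists are not shown on the page.
BRANDS = ("facebook", "instagram", "meta")
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com", "instagram.com", "meta.com"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute), row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(domain: str) -> bool:
    """True for an allow-listed domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def impersonated_brand(from_header: str, authenticated: bool = False):
    """Return the brand a display name imitates, or None if nothing is flagged."""
    display, addr = parseaddr(from_header)
    # Bypass only when the From domain is allow-listed AND sender authentication
    # passed (assumption of this example: a bare From header can be forged).
    if authenticated and is_trusted(addr.rpartition("@")[2]):
        return None
    for token in re.findall(r"[a-z0-9]+", display.lower()):
        for brand in BRANDS:
            # Short names such as "meta" get exact matching only; one edit
            # away sits ordinary words like "beta" or "metal".
            limit = 1 if len(brand) >= 6 else 0
            if levenshtein(token, brand) <= limit:
                return brand
    return None

# Constructed sample headers: (From header, authentication passed?)
SAMPLES = [
    ("Facebo0k Support <help@mail.example>", False),
    ("Instagran Team <no-reply@notify.example>", False),
    ("Facebook <security@facebookmail.com>", True),
    ("Facebook <security@facebookmail.com>", False),
    ("Beta Program <news@vendor.example>", False),
]

if __name__ == "__main__":
    for header, auth in SAMPLES:
        print(f"{impersonated_brand(header, auth)!s:10} {header}")
```

The length-based limit is the tuning point: raising it for short brand names trades missed lookalikes for false positives on ordinary words.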
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Network Traffic
- Web Credential
Created: 2025-03-12