
Summary
This rule detects potential brand impersonation attacks targeting Stripe, primarily aimed at credential theft. It identifies incoming messages whose sender display name closely resembles 'Stripe', using string manipulation techniques to account for typographical errors and Unicode confusables. The detection logic checks for display names that match 'stripe' exactly, start with 'stripe', or lie within an edit distance of one or two of 'stripe'. To reduce false positives, it excludes a set of specific English words and verifies that the sender's domain is not a trusted source such as 'stripe.com'. It also does not flag messages that carry a custom Stripe header, concentrating instead on impersonation attempts that bypass common security measures. Overall, it provides a robust method for safeguarding against brand impersonation across email communications.
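The checks the summary describes, as an added Python example that is not the rule's own code: the exact/prefix/edit-distance name match, the English-word exclusion, the trusted-domain check and the custom-header check are applied to constructed sample senders. The exclusion list, the confusable map and the header name `X-Stripe-Placeholder` are assumptions, since the page does not give them.

```python
import re
import unicodedata

BRAND = "stripe"
TRUSTED_DOMAINS = {"stripe.com"}  # from the rule: mail from stripe.com is not flagged
# Placeholder: the page does not name the custom Stripe header, so this name is assumed.
CUSTOM_STRIPE_HEADER = "x-stripe-placeholder"
# Constructed list of ordinary English words within edit distance 2 of "stripe";
# the rule's real exclusion list is not given on the page.
EXCLUDED_WORDS = {"strip", "stride", "strike", "strive", "tripe", "spire", "stripes"}
# Constructed confusable map: Cyrillic and digit look-alikes folded to ASCII letters.
CONFUSABLES = str.maketrans({"\u0455": "s", "\u0442": "t", "\u0433": "r", "\u0456": "i",
                             "\u0440": "p", "\u0435": "e", "1": "i", "3": "e", "$": "s"})

def normalize(display_name: str) -> str:
    """Fold case, confusables and punctuation so look-alikes compare as plain ASCII."""
    folded = unicodedata.normalize("NFKC", display_name).lower().translate(CONFUSABLES)
    return re.sub(r"[^a-z]", "", folded)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute) using the two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_stripe_impersonation(display_name: str, sender_email: str, headers: dict) -> bool:
    """Apply the rule's checks in order: name match, word exclusion, trusted domain, header."""
    name = normalize(display_name)
    if not name or name in EXCLUDED_WORDS:
        return False
    if not (name == BRAND or name.startswith(BRAND) or edit_distance(name, BRAND) <= 2):
        return False
    domain = sender_email.rsplit("@", 1)[-1].lower()
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return False
    if any(h.lower() == CUSTOM_STRIPE_HEADER for h in headers):
        return False
    return True

if __name__ == "__main__":
    # Constructed samples: a genuine stripe.com sender and a look-alike from elsewhere.
    for name, sender in [("Stripe", "billing@stripe.com"), ("Strlpe", "noreply@example.net")]:
        print(name, sender, "->", is_stripe_impersonation(name, sender, {}))
```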
Categories
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Process
- Network Traffic
- Application Log
- Internet Scan
Created: 2024-09-30