Brand impersonation: Interac

Sublime Rules

Summary
This detection rule identifies potential brand impersonation attacks targeting Interac, the Canadian interbanking network. It looks for emails that mimic Interac communications, particularly in contexts often used for fraud, such as tax rebates and returns. Key indicators are sender display names and email subjects that closely match legitimate Interac patterns, combined with an assessment of the sender's trustworthiness based on the DMARC status of the associated domain and a classification of the message content using natural language understanding techniques. Messages from legitimate domains that pass DMARC checks are disregarded, which focuses the rule on social engineering tactics that aim to deceive users into sharing sensitive information or conducting unauthorized financial transactions.
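The display-name, subject and DMARC checks described in the summary, sketched in Python as an added illustration; this is not the Sublime rule's own source, and it leaves out the natural language classification step. The trusted-domain list, the edit-distance threshold, the message field names and the sample messages are assumptions made for the example.

```python
import re
import unicodedata
BRAND = "interac"
# Assumption: sender domains treated as legitimate; the page does not list them.
TRUSTED_DOMAINS = {"interac.ca"}
MAX_EDITS = 1  # assumption: edit distance still treated as a lookalike

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tokens(text):
    """Lowercase, fold compatibility forms and accents, split on non-alphanumerics."""
    folded = unicodedata.normalize("NFKD", text)
    folded = "".join(c for c in folded if not unicodedata.combining(c)).lower()
    return [t for t in re.split(r"[^a-z0-9]+", folded) if t]

def mentions_brand(text):
    return any(edit_distance(t, BRAND) <= MAX_EDITS for t in tokens(text))

def is_trusted_sender(domain, dmarc_pass):
    # Trusted only when the domain is on the list AND the message passed DMARC.
    domain = domain.lower().rstrip(".")
    on_list = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    return on_list and dmarc_pass

def flag(msg):
    """True when the name or subject looks like Interac and the sender is not trusted."""
    looks_like = mentions_brand(msg["display_name"]) or mentions_brand(msg["subject"])
    return looks_like and not is_trusted_sender(msg["from_domain"], msg["dmarc_pass"])

# Constructed sample messages (not real mail).
SAMPLES = [
    {"display_name": "Interac e-Transfer", "subject": "Tax refund deposit pending",
     "from_domain": "refunds.example.net", "dmarc_pass": True},
    {"display_name": "Interac", "subject": "You received money",
     "from_domain": "payments.interac.ca", "dmarc_pass": True},
    {"display_name": "lnterac Notification", "subject": "Rebate available",
     "from_domain": "mail.example.org", "dmarc_pass": False},
    {"display_name": "Interac", "subject": "Deposit your funds",
     "from_domain": "interac.ca", "dmarc_pass": False},
    {"display_name": "Quarterly newsletter", "subject": "Interactive demo invite",
     "from_domain": "example.com", "dmarc_pass": True},
]
```

Calling `flag` on each sample flags the first, third and fourth messages. The fourth shows why the exclusion requires both conditions: a message claiming the real domain but failing DMARC is still treated as impersonation.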
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Process
  • Network Traffic
Created: 2024-09-16