
Summary
This rule detects inbound messages that appear to be B2B cold outreach asking recipients to view an attachment. It triggers when the inbound event is observed, the subject contains the substring 'invit' (case-insensitive), and the message body contains no links. It then searches the current thread text for a phrasal pattern suggesting an attachment (regex: (?:please|find|view).{0,50}attached) to capture variations like 'please attach', 'please find attached', or 'view attached'. The rule permits either zero attachments or exactly one image attachment (i.e., length(attachments) == 0, or length(attachments) == 1 with every attachment file type being an image). Additionally, it applies an NLU classifier to the thread text to detect the topic 'B2B Cold Outreach' with high confidence. Combined, these checks point to a business-to-business outreach message that uses an image as content and does not rely on links, and the rule flags it as high severity for potential spam and social engineering. The rule's detection methods include content analysis, natural language understanding, and file analysis; the attack type is Spam, and the tactics/techniques are Social engineering and Image as content.
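To make the combined conditions concrete, the following is an added example (not the rule's own code or its query language) that evaluates the same checks in Python over constructed messages; the message field names, the image type list, the case-insensitive application of the regex and the keyword heuristic standing in for the NLU classifier are all assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed message model; field names are illustrative (assumption).
@dataclass
class Attachment:
    file_type: str          # e.g. "png", "pdf"

@dataclass
class Message:
    subject: str
    body_text: str
    inbound: bool = True
    links: list = field(default_factory=list)
    attachments: list = field(default_factory=list)

IMAGE_TYPES = {"png", "jpg", "jpeg", "gif", "bmp", "webp"}   # assumption

# Pattern from the rule summary; note it needs the literal word "attached",
# so "please attach ..." on its own does not match. Applied case-insensitively
# here (assumption), with DOTALL so the 0-50 char gap may span line breaks.
ATTACH_RE = re.compile(r"(?:please|find|view).{0,50}attached",
                       re.IGNORECASE | re.DOTALL)

def classify_b2b_cold_outreach(text: str) -> float:
    """Stand-in for the NLU topic classifier (assumption): a keyword
    heuristic returning a confidence in [0, 1]; the real rule uses a
    trained model over the thread text."""
    cues = ("partnership", "our services", "quick call", "introduce",
            "quote", "proposal")
    hits = sum(1 for cue in cues if cue in text.lower())
    return min(1.0, hits / 2)

def rule_fires(msg: Message, min_confidence: float = 0.8) -> bool:
    """Return True when every condition of the rule holds."""
    if not msg.inbound:
        return False
    subject_ok = "invit" in msg.subject.lower()
    no_links = len(msg.links) == 0
    phrasing_ok = ATTACH_RE.search(msg.body_text) is not None
    attachments_ok = len(msg.attachments) == 0 or (
        len(msg.attachments) == 1
        and all(a.file_type.lower() in IMAGE_TYPES for a in msg.attachments)
    )
    nlu_ok = classify_b2b_cold_outreach(msg.body_text) >= min_confidence
    return subject_ok and no_links and phrasing_ok and attachments_ok and nlu_ok
```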
Categories
- Endpoint
Data Sources
- File
- Network Traffic
Created: 2026-04-04