Brand impersonation: Google Meet with malicious link

Sublime Rules

Summary
This detection rule identifies potential phishing attempts that impersonate Google Meet. It looks for messages that contain the phrase 'Join with Google Meet' but redirect to URLs that do not belong to the legitimate domain 'meet.google.com'. Several checks separate legitimate communications from malicious ones. First, it looks for links with the specified display text and validates that they do not lead to the official Google Meet domain. It then inspects the HTML content of the message for certain logo images or specific styled buttons indicative of a phishing setup. It also checks whether key elements typically found in authentic Google Meet invitations, such as certain tables indicating guest information, are absent. Together, these filters narrow down potential threats while reducing false positives from legitimate messages.
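The first check described above (display text versus link host), as an added Python example; it is not the Sublime rule's own source. The function names, the case-insensitive text match and the sample HTML are assumptions, and the logo, button and guest-table checks are left out because the summary does not specify them.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DISPLAY_TEXT = "join with google meet"   # phrase named in the summary
LEGIT_HOST = "meet.google.com"           # legitimate domain named in the summary

class _LinkCollector(HTMLParser):
    """Collect (display_text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so text split across nested tags still matches.
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def link_host(href):
    """Return the lowercased host of href, or '' if it cannot be parsed."""
    try:
        host = urlsplit(href.strip()).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def suspicious_meet_links(html):
    """Return hrefs shown as the Meet join phrase whose host is not meet.google.com."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    # Compare the parsed host exactly; a substring test would accept lookalike hosts.
    return [href for text, href in parser.links
            if text.lower() == DISPLAY_TEXT and link_host(href) != LEGIT_HOST]

SAMPLE_HTML = (  # constructed sample, not taken from a real message
    '<a href="https://meet.google.com/abc-defg-hij">Join with Google Meet</a>'
    '<a href="https://meet.google.com.login.example/abc"><span>Join with</span>\n Google Meet</a>'
    '<a href="https://meet.google.com@phish.example/join">JOIN WITH GOOGLE MEET</a>'
    '<a href="https://other.example/">Unsubscribe</a>'
)
```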
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2026-02-13