
Brand Impersonation: Chase bank with credential phishing indicators

Sublime Rules

Summary
This rule identifies credential phishing attempts that impersonate Chase bank in inbound messages. When a message carries attachments (at most three), those attachments are inspected; when it carries none, the message body is inspected instead. The rule checks for the Chase logo with machine learning (ML) logo detection and raises its confidence with Link Analysis or Natural Language Understanding (NLU). Messages whose links all point to recognized Chase affiliates are excluded, as are messages from high-trust sender domains unless they fail DMARC. To fire, the rule requires either a Link Analysis verdict of medium or high confidence that a link is credential phishing, or an NLU classifier verdict indicating credential theft. Sender reputation and engagement history with the recipient are also weighed, so that established correspondents are less likely to trigger the rule.
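The logic the summary describes, as an added illustration in plain Python. This is not the rule's own MQL source and uses no Sublime API: the Message, Link and Attachment types, the ML/NLU verdict fields, the affiliate and high-trust domain lists and the sample messages are all constructed assumptions for this example, and the engagement-history check is modelled as a simple "recipient has previously replied to this sender" flag.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_ATTACHMENTS = 3  # only messages with at most three attachments are inspected

# Assumed lists; the real rule relies on Sublime's own affiliate and trust data.
CHASE_AFFILIATES = {"chase.com", "jpmorganchase.com"}
HIGH_TRUST_SENDER_DOMAINS = {"chase.com", "microsoft.com"}
PHISHY_CONFIDENCE = {"medium", "high"}


def root_domain(host: str) -> str:
    """Crude registrable-domain helper (assumption: last two labels)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


@dataclass
class Attachment:
    name: str
    chase_logo: bool  # assumed verdict of an ML logo detector run on the file


@dataclass
class Link:
    href_domain: str
    # assumed Link Analysis verdict for credential phishing: None/"low"/"medium"/"high"
    credphish_confidence: Optional[str] = None


@dataclass
class Message:
    sender_domain: str
    dmarc_pass: bool
    attachments: List[Attachment] = field(default_factory=list)
    body_chase_logo: bool = False        # ML logo detection on the rendered body
    links: List[Link] = field(default_factory=list)
    nlu_credential_theft: bool = False   # assumed NLU classifier intent
    recipient_has_replied: bool = False  # engagement history with this sender


def chase_logo_present(msg: Message) -> bool:
    """Attachments are scanned when present (max three); otherwise the body."""
    if msg.attachments:
        if len(msg.attachments) > MAX_ATTACHMENTS:
            return False
        return any(a.chase_logo for a in msg.attachments)
    return msg.body_chase_logo


def all_links_are_affiliates(msg: Message) -> bool:
    """Exclusion: every link goes to a Chase affiliate (needs >= 1 link; assumption)."""
    return bool(msg.links) and all(
        root_domain(l.href_domain) in CHASE_AFFILIATES for l in msg.links)


def trusted_sender(msg: Message) -> bool:
    """Exclusion: high-trust sender domain, unless DMARC failed."""
    return root_domain(msg.sender_domain) in HIGH_TRUST_SENDER_DOMAINS and msg.dmarc_pass


def has_phish_indicator(msg: Message) -> bool:
    """Medium/high Link Analysis verdict on any link, or NLU credential-theft intent."""
    link_hit = any(l.credphish_confidence in PHISHY_CONFIDENCE for l in msg.links)
    return link_hit or msg.nlu_credential_theft


def matches(msg: Message) -> bool:
    return (chase_logo_present(msg)
            and not all_links_are_affiliates(msg)
            and not trusted_sender(msg)
            and has_phish_indicator(msg)
            and not msg.recipient_has_replied)


# Constructed sample messages exercising each branch of the logic.
SAMPLES = {
    "lookalike_with_phishy_link": Message(
        sender_domain="chase-secure-alerts.com", dmarc_pass=True, body_chase_logo=True,
        links=[Link("login.chase-secure-alerts.com", "high")]),
    "legit_chase_statement": Message(
        sender_domain="chase.com", dmarc_pass=True, body_chase_logo=True,
        links=[Link("www.chase.com"), Link("secure.jpmorganchase.com")]),
    "spoofed_chase_dmarc_fail": Message(
        sender_domain="chase.com", dmarc_pass=False, body_chase_logo=True,
        links=[Link("chase-verify.example")], nlu_credential_theft=True),
    "pdf_lure": Message(
        sender_domain="mailer.example", dmarc_pass=True,
        attachments=[Attachment("statement.pdf", chase_logo=True)],
        links=[Link("docs.example-share.net", "medium")]),
    "too_many_attachments": Message(
        sender_domain="mailer.example", dmarc_pass=True,
        attachments=[Attachment(f"f{i}.pdf", chase_logo=True) for i in range(4)],
        nlu_credential_theft=True),
    "known_correspondent": Message(
        sender_domain="partner.example", dmarc_pass=True, body_chase_logo=True,
        links=[Link("partner.example", "medium")], recipient_has_replied=True),
}


def flagged() -> List[str]:
    """Names of the sample messages the modelled rule would flag."""
    return [name for name, m in SAMPLES.items() if matches(m)]


if __name__ == "__main__":
    print(flagged())
```

Running the block prints the three samples that fire: the lookalike domain with a high-confidence link verdict, the DMARC-failing spoof of chase.com with an NLU credential-theft verdict, and the PDF carrying the logo next to a medium-confidence link. The genuine statement is suppressed by both the affiliate-link and trusted-sender exclusions, the four-attachment message falls outside the attachment limit, and the established correspondent is suppressed by engagement history.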
Categories
  • Identity Management
  • Web
  • Cloud
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-11-17