
Summary
This detection rule identifies brand impersonation targeting the Gemini Trust Company by analyzing several text elements of a message. It looks for indicators of phishing, focusing on the message footer, where it checks for specific references to Gemini Trust Company and its location; regex and string matching confirm that details such as the company's name and address are present. To rule out legitimate mail, messages from verified domains such as gemini.com and niftygateway.com are excluded. Logo detection is also applied to screenshots of the message to validate the sender's display name against the brand imagery shown. The rule further examines links in the message footer, counting those that point to official Gemini social media profiles or support pages, and requires at least four such links before it fires. Finally, replies and forwards are excluded to reduce false positives. The overall goal is to protect users from credential phishing by flagging communications that impersonate Gemini's established brands.
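As an added illustration (not the rule's own code, which is written in the vendor's query language and not reproduced on this page), the conditions in the summary reimplemented in plain Python and run over constructed sample messages; the footer address string, the official-link patterns, the lookalike sender domain and the logo-detector input are assumptions, since the page does not state them.

```python
import re
from dataclasses import dataclass
# Added illustration of the summary's logic. The rule's regexes, link list and
# address text are not on the page, so the patterns below are constructed stand-ins.
VERIFIED_SENDER_DOMAINS = {"gemini.com", "niftygateway.com"}  # named on the page
FOOTER_BRAND_RE = re.compile(r"gemini\s+trust\s+company", re.I)
FOOTER_ADDRESS_RE = re.compile(r"\b1 example plaza\b", re.I)  # placeholder address
OFFICIAL_LINK_RES = [  # assumed shapes of official support and social-profile links
    re.compile(r"^https?://support\.gemini\.com/", re.I),
    re.compile(r"^https?://(www\.)?(twitter|x|facebook|instagram|linkedin)\.com/gemini\b", re.I),
]
MIN_OFFICIAL_LINKS = 4  # threshold stated on the page

@dataclass
class Message:
    sender_domain: str
    display_name: str
    subject: str
    footer: str
    footer_links: list
    logo_brands: list  # brands a screenshot logo detector reported (constructed input)

def is_reply_or_forward(subject: str) -> bool:
    return re.match(r"^\s*(re|fw|fwd)\s*:", subject, re.I) is not None

def count_official_links(links) -> int:
    return sum(1 for link in links if any(p.match(link) for p in OFFICIAL_LINK_RES))

def gemini_impersonation(msg: Message) -> bool:
    # Fires only when every condition described in the summary holds.
    if msg.sender_domain.lower() in VERIFIED_SENDER_DOMAINS or is_reply_or_forward(msg.subject):
        return False  # verified sender, or a reply/forward: excluded
    if not (FOOTER_BRAND_RE.search(msg.footer) and FOOTER_ADDRESS_RE.search(msg.footer)):
        return False  # footer must name the company and its address
    if "gemini" not in msg.display_name.lower() or "gemini" not in {b.lower() for b in msg.logo_brands}:
        return False  # logo detection must agree with the claimed sender name
    return count_official_links(msg.footer_links) >= MIN_OFFICIAL_LINKS

FOOTER = "Gemini Trust Company, 1 Example Plaza. You received this message because..."  # constructed
LINKS = ["https://support.gemini.com/hc", "https://twitter.com/gemini",
         "https://www.instagram.com/gemini", "https://www.linkedin.com/gemini"]

def run_samples() -> dict:
    # Exercise each branch: the lookalike sender fires, the three exclusions do not.
    def m(domain, subject, links):
        return Message(domain, "Gemini Support", subject, FOOTER, links, ["gemini"])
    return {
        "lookalike_sender": gemini_impersonation(m("gemini-login.example", "Action required", LINKS)),
        "verified_sender": gemini_impersonation(m("gemini.com", "Action required", LINKS)),
        "reply": gemini_impersonation(m("gemini-login.example", "Re: Action required", LINKS)),
        "too_few_links": gemini_impersonation(m("gemini-login.example", "Action required", LINKS[:3])),
    }
```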
Categories
- Network
- Endpoint
- Cloud
- Web
- Application
Data Sources
- User Account
- Process
- Application Log
- Network Traffic
- Web Credential
Created: 2025-09-03