
Suspicious link to Looker Studio (lookerstudio.google.com) from a new and unsolicited sender

Sublime Rules

Summary
This detection rule identifies suspicious messages from unsolicited senders that contain links to Looker Studio (lookerstudio.google.com). It is designed to flag messages that use non-standard Looker Studio templates and may indicate credential phishing. The rule examines several elements of the email: the sender's profile, the message body, and the URLs the message contains. It checks the body for phrases that are typical phishing lures, such as 'shared with you' or 'View Document', and inspects the domain of each link in the body. It also filters alerts by the sender domain's prevalence categorization, so that messages from new or outlier senders are scrutinized, while high-trust sender domains are excluded unless they fail DMARC authentication. This reduces false positives by excluding trusted sources while still capturing potentially malicious messages.
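The following is an added Python approximation of the logic described above, run over constructed sample messages; it is not Sublime's own rule (which is written in Sublime's query language). The message fields (prevalence, high_trust, dmarc_pass, body, urls) and the prevalence labels "new", "outlier" and "common" are assumptions for this example.

```python
from urllib.parse import urlparse

# Added example approximating the rule's logic; Sublime's actual rule is
# written in its own query language and is not reproduced here.
LOOKER_HOST = "lookerstudio.google.com"
PHISH_PHRASES = ("shared with you", "view document")
# Sender-prevalence labels are an assumption for this example.
FLAGGED_PREVALENCE = {"new", "outlier"}

def looker_links(urls):
    """Return the URLs whose host is exactly the Looker Studio domain."""
    return [u for u in urls if (urlparse(u).hostname or "").lower() == LOOKER_HOST]

def has_phish_phrase(body):
    """Case-insensitive check for the lure phrases the rule looks for."""
    text = body.lower()
    return any(p in text for p in PHISH_PHRASES)

def is_suspicious(msg):
    """msg keys (assumed): prevalence, high_trust, dmarc_pass, body, urls."""
    if not looker_links(msg["urls"]) or not has_phish_phrase(msg["body"]):
        return False
    if msg["prevalence"] not in FLAGGED_PREVALENCE:
        return False  # established senders are out of scope
    # High-trust sender domains are excluded only while they pass DMARC;
    # a trusted domain failing DMARC may be spoofed, so it stays in scope.
    if msg["high_trust"] and msg["dmarc_pass"]:
        return False
    return True

def mk(prevalence, high_trust, dmarc_pass, body, url):
    return {"prevalence": prevalence, "high_trust": high_trust,
            "dmarc_pass": dmarc_pass, "body": body, "urls": [url]}

LOOKER = "https://lookerstudio.google.com/reporting/constructed-id"
# Constructed sample messages, not real captures.
SAMPLES = {
    "new_sender_lure": mk("new", False, False, "A file was shared with you", LOOKER),
    "known_sender": mk("common", False, True, "A file was shared with you", LOOKER),
    "trusted_dmarc_pass": mk("new", True, True, "View Document", LOOKER),
    "trusted_dmarc_fail": mk("new", True, False, "View Document", LOOKER),
    "no_lure_phrase": mk("new", False, False, "Q3 dashboard attached", LOOKER),
    "other_host": mk("new", False, False, "shared with you",
                     "https://docs.example.test/shared-with-you"),
}

def triage(samples=SAMPLES):
    """Map each sample name to whether the rule would flag it."""
    return {name: is_suspicious(m) for name, m in samples.items()}

if __name__ == "__main__":
    for name, flagged in triage().items():
        print(f"{name:20s} {'FLAG' if flagged else 'pass'}")
```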
Categories
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-11-06