
Summary
This rule detects Advance Fee Fraud (AFF) schemes, commonly seen in Business Email Compromise (BEC) scams, in which the sender solicits an upfront payment in return for a promised benefit such as lottery winnings or investment returns. It focuses on messages that originate from freemail providers or from domains under suspicious top-level domains (TLDs). The detection combines Natural Language Understanding (NLU) analysis of the message content, looking for phrases characteristic of AFF, with technical checks on the sender's domain and on email headers, including the reply-to address. The rule's conditions are written to flag likely fraud while limiting false positives by taking into account the sender's history and engagement patterns, as well as the structure of the message.
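To show how the conditions above fit together, here is an added Python sketch that is not the rule's own implementation: the freemail and TLD lists, the regex phrase list standing in for the NLU classifier, the two-hit threshold and the sender-history field are all constructed assumptions, and the sample messages are constructed as well.

```python
import re
from dataclasses import dataclass

# Constructed lists; a production rule would use curated freemail/TLD feeds (assumption).
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
SUSPICIOUS_TLDS = {"xyz", "top", "club", "icu"}
# Stand-in for the NLU step: phrases typical of advance-fee lures (assumption).
AFF_PHRASES = [
    r"\bprocessing fee\b", r"\badvance (?:fee|payment)\b", r"\blottery\b",
    r"\binheritance\b", r"\bwinnings?\b", r"\bwire transfer\b",
    r"\bnext of kin\b", r"\bguaranteed return\b",
]

@dataclass
class Message:
    sender: str
    reply_to: str
    subject: str
    body: str
    prior_messages_from_sender: int  # sender-history signal (constructed field)

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def sender_is_risky(msg: Message) -> bool:
    # Freemail origin, or a domain under a suspicious TLD.
    d = domain_of(msg.sender)
    return d in FREEMAIL_DOMAINS or d.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS

def aff_phrase_hits(msg: Message) -> list:
    text = f"{msg.subject}\n{msg.body}".lower()
    return [p for p in AFF_PHRASES if re.search(p, text)]

def reply_to_mismatch(msg: Message) -> bool:
    # Reply-To pointing at a different domain than From is a classic BEC header trait.
    return bool(msg.reply_to) and domain_of(msg.reply_to) != domain_of(msg.sender)

def is_advance_fee_fraud(msg: Message) -> bool:
    # Known senders suppress the alert (false-positive control); otherwise require a
    # risky origin plus AFF language, strengthened by a header mismatch or more phrases.
    if msg.prior_messages_from_sender > 0 or not sender_is_risky(msg):
        return False
    hits = aff_phrase_hits(msg)
    return len(hits) >= 2 and (reply_to_mismatch(msg) or len(hits) >= 3)

# Constructed sample messages for a quick check.
SAMPLE_SCAM = Message("agent@lottery-claims.xyz", "claims.desk@gmail.com",
    "Congratulations: lottery winnings",
    "You have been selected. A small processing fee is required before the wire transfer is released.", 0)
SAMPLE_BENIGN = Message("alice@gmail.com", "", "Lunch next week?",
    "Are you free Tuesday? Happy to wire transfer my share for the tickets.", 12)
```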
Categories
- Web
- Identity Management
- Other
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2023-10-17