Credential theft: Gophish abuse with hidden tracking image

Sublime Rules

Summary
This detection rule flags messages that embed a hidden tracking image, a technique used to record whether and when a recipient opened a message. It targets messages whose HTML body contains an `<img>` element concealed from the recipient with an attribute such as `style='display: none'` or `style="display: none"`, where the image URL carries a tracking parameter, typically `/track?rid=`. The rule combines two strategies: content analysis of the HTML body and exact string matching for these tracking elements. Severity is rated high because phishing campaigns that use this technique, such as the Gophish abuse named in the rule title, can lead to credential theft.
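The following is an added illustration of the two strategies the summary describes, written in Python with the standard library; it is not the Sublime rule itself (which is written in Sublime's own query language) and the function names, the `tracker.example` host and the sample message bodies are constructed for this example. `raw_string_match` mirrors the literal string-matching strategy (the two quoted `display: none` forms plus the `/track?rid=` marker), while `find_hidden_trackers` parses the HTML body and inspects each `<img>` element's `style` and `src` attributes, so it also catches spacing variants such as `display:none` that a literal match would miss.

```python
import re
from html.parser import HTMLParser

# Literal markers from the rule description.
LITERAL_HIDDEN_STYLES = ("style='display: none'", 'style="display: none"')
TRACKING_MARKER = "/track?rid="

# Tolerant form of the hidden-style check used by the parsing strategy.
DISPLAY_NONE = re.compile(r"display\s*:\s*none", re.IGNORECASE)


def raw_string_match(html_body: str) -> bool:
    """Strategy 1: exact substring matching on the raw HTML body."""
    has_hidden_style = any(s in html_body for s in LITERAL_HIDDEN_STYLES)
    return has_hidden_style and TRACKING_MARKER in html_body


class HiddenTrackerScanner(HTMLParser):
    """Strategy 2: walk the HTML and record <img> tags that are both
    hidden via display:none and point at a /track?rid= URL."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        # Normalise attribute names; a missing value becomes "".
        attr_map = {name.lower(): (value or "") for name, value in attrs}
        style = attr_map.get("style", "")
        src = attr_map.get("src", "")
        if DISPLAY_NONE.search(style) and TRACKING_MARKER in src:
            self.hits.append(src)


def find_hidden_trackers(html_body: str) -> list[str]:
    """Return the src of every hidden tracking image in the body."""
    scanner = HiddenTrackerScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.hits


def is_suspicious(html_body: str) -> bool:
    """Combined verdict: either strategy firing is enough to alert."""
    return raw_string_match(html_body) or bool(find_hidden_trackers(html_body))


# Constructed sample bodies (not real campaign data).
SAMPLE_GOPHISH_STYLE = (
    "<html><body><p>Please review the attached invoice.</p>"
    '<img src="https://tracker.example/track?rid=abc123" style="display: none">'
    "</body></html>"
)
SAMPLE_COMPACT_STYLE = (
    "<html><body><p>Reset your password.</p>"
    "<img style='display:none' src='https://tracker.example/track?rid=zz9'/>"
    "</body></html>"
)
SAMPLE_BENIGN = (
    "<html><body><img src='https://cdn.example/logo.png' alt='logo'>"
    "<p>Monthly newsletter</p></body></html>"
)
SAMPLE_HIDDEN_BUT_NOT_TRACKING = (
    "<html><body><img src='https://cdn.example/spacer.gif' style='display: none'>"
    "<p>Layout spacer only</p></body></html>"
)


if __name__ == "__main__":
    for label, body in [
        ("gophish-style", SAMPLE_GOPHISH_STYLE),
        ("compact-style", SAMPLE_COMPACT_STYLE),
        ("benign", SAMPLE_BENIGN),
        ("hidden-no-tracking", SAMPLE_HIDDEN_BUT_NOT_TRACKING),
    ]:
        print(f"{label:20s} raw={raw_string_match(body)!s:5s} "
              f"parsed={find_hidden_trackers(body)} suspicious={is_suspicious(body)}")
```

The fourth sample shows why both conditions are required: a hidden spacer image without the `/track?rid=` marker is common in legitimate mail and should not alert on its own. The third strategy difference (compact `display:none`) is why a parser-based check is a useful complement to literal matching, at the cost of needing to handle malformed HTML gracefully.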
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • User Account
  • Web Credential
  • Application Log
Created: 2025-11-06