
Summary
This rule detects potentially fraudulent or credential-phishing emails that fit a narrow pattern: a short body (under 1,500 characters) containing exactly one deceptive link whose display text matches the email's subject line. To capture unusual recipient handling, the rule additionally requires that either a recipient's email address appears in the body text or none of the recipients have a valid domain.

Several further conditions limit false positives. The email must contain fewer than 10 links in total, none of which may be a standard unsubscribe link. The matching link must not point to the sender's domain or to any recipient's domain, and common signature links are excluded from consideration. The link and surrounding content must still exhibit phishing indicators according to the rule's link and content analysis. Finally, the subject line must not be one associated with common sign-up or account-confirmation flows, so that legitimate registration and confirmation emails are not flagged.
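The deterministic conditions described above, as an added Python example that is not part of the rule or of its vendor's code: each message is modelled as a small dataclass, and the body-length, link-count, unsubscribe, sign-up-subject, recipient, subject-match and domain checks are applied to constructed sample messages. The rule's link and content phishing analysis is not reproduced; it is represented by an assumed `link_flagged` field that an upstream analyser would supply. The sign-up subject pattern, the set of signature-link hosts and the two-label "registered domain" approximation are all assumptions, since the page specifies none of them.

```python
"""Heuristic approximation of the rule's deterministic conditions (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Link:
    href: str
    display_text: str


@dataclass
class Email:
    subject: str
    sender: str
    recipients: list[str]
    body_text: str
    links: list[Link]
    # Stand-in for the rule's link/content analysis verdict, which the page
    # describes but does not specify; assumed to be computed upstream.
    link_flagged: bool = False


MAX_BODY_CHARS = 1500
MAX_LINKS = 10
UNSUBSCRIBE_RE = re.compile(r"unsubscribe|opt[-_ ]?out", re.I)
# Assumed pattern for sign-up / confirmation subjects; the page names none.
SIGNUP_SUBJECT_RE = re.compile(
    r"\b(confirm|verify|activate)\b.*\b(e-?mail|account|sign-?up|registration)\b", re.I)
# Assumed set of "common signature link" hosts; the page names none.
SIGNATURE_DOMAINS = {"linkedin.com", "twitter.com", "x.com", "facebook.com", "instagram.com"}


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (assumption: no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def has_valid_domain(addr: str) -> bool:
    """Crude validity check: at least one dot, only hostname characters."""
    return bool(re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", address_domain(addr)))


def normalize(text: str) -> str:
    return re.sub(r"\s+", " ", text).strip().casefold()


def is_excluded_link(link: Link, sender_domain: str, recipient_domains: set[str]) -> bool:
    """Signature links and links on the sender's or a recipient's domain don't count."""
    rd = registered_domain(urlparse(link.href).hostname or "")
    return rd in SIGNATURE_DOMAINS or rd == sender_domain or rd in recipient_domains


def matches_rule(email: Email) -> bool:
    if len(email.body_text) >= MAX_BODY_CHARS or len(email.links) >= MAX_LINKS:
        return False
    if any(UNSUBSCRIBE_RE.search(l.href) or UNSUBSCRIBE_RE.search(l.display_text)
           for l in email.links):
        return False
    if SIGNUP_SUBJECT_RE.search(email.subject):
        return False
    # Unusual recipient pattern: address echoed in the body, or no valid recipient domain.
    body = email.body_text.casefold()
    recipient_in_body = any(r.casefold() in body for r in email.recipients)
    no_valid_recipient = not any(has_valid_domain(r) for r in email.recipients)
    if not (recipient_in_body or no_valid_recipient):
        return False
    sender_domain = registered_domain(address_domain(email.sender))
    recipient_domains = {registered_domain(address_domain(r)) for r in email.recipients}
    subject = normalize(email.subject)
    candidates = [l for l in email.links
                  if normalize(l.display_text) == subject
                  and not is_excluded_link(l, sender_domain, recipient_domains)]
    # Exactly one subject-matching link, and the upstream analysis must have flagged it.
    return len(candidates) == 1 and email.link_flagged


# Constructed sample messages (not real telemetry).
SAMPLES = {
    "credential_phish": Email(
        "Shared document: Q3 payroll summary", "notices@docs-share-alerts.example",
        ["alice@acme.example"],
        "alice@acme.example, a document has been shared with you.\n"
        "Shared document: Q3 payroll summary\nThis link expires in 24 hours.",
        [Link("https://login-verify.example/d/8823", "Shared document: Q3 payroll summary")],
        link_flagged=True),
    "undisclosed_recipients": Email(
        "Payment remittance advice", "ap@vendor-billing.example", ["undisclosed-recipients:;"],
        "Please review the remittance for this month.\nPayment remittance advice\n",
        [Link("https://file-preview.example/x/19", "Payment remittance advice")],
        link_flagged=True),
    "newsletter": Email(
        "This week in cloud security", "news@weekly.example", ["alice@acme.example"],
        "alice@acme.example, here is this week's roundup.\nThis week in cloud security\n",
        [Link("https://weekly.example/issue/42", "This week in cloud security"),
         Link("https://weekly.example/unsubscribe?u=alice", "Unsubscribe")],
        link_flagged=True),
    "signup_confirmation": Email(
        "Confirm your email address", "no-reply@app.example", ["alice@acme.example"],
        "Hi alice@acme.example, click below to finish registration.\nConfirm your email address\n",
        [Link("https://app.example/confirm?t=abc123", "Confirm your email address")],
        link_flagged=True),
    "link_not_flagged": Email(
        "Shared document: Q3 payroll summary", "notices@docs-share-alerts.example",
        ["alice@acme.example"],
        "alice@acme.example, a document has been shared with you.\n"
        "Shared document: Q3 payroll summary\n",
        [Link("https://login-verify.example/d/8823", "Shared document: Q3 payroll summary")],
        link_flagged=False),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name}: {matches_rule(msg)}")
```

The newsletter and sign-up samples show the two explicit false-positive guards doing their job even though their single link's text matches the subject; the last sample shows that the deterministic conditions alone are not sufficient, since the rule also requires the link and content analysis to return a phishing verdict.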
Categories
- Endpoint
- Web
- Cloud
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2025-05-09