diff --git a/detection-rules/impersonation_quickbooks.yml b/detection-rules/impersonation_quickbooks.yml
index b9b3fa0a8eb..c260ad0a388 100644
--- a/detection-rules/impersonation_quickbooks.yml
+++ b/detection-rules/impersonation_quickbooks.yml
@@ -12,8 +12,11 @@ source: |
 )
 or strings.ilike(body.current_thread.text, "*invoice*")
 )
- and any(ml.logo_detect(beta.message_screenshot()).brands,
- .name == "Quickbooks" and .confidence in ("medium", "high")
+ and (
+ any(ml.logo_detect(beta.message_screenshot()).brands,
+ .name == "Quickbooks" and .confidence in ("medium", "high")
+ )
+ or strings.icontains(body.current_thread.text, 'Powered by QuickBooks')
 )
 and sender.email.domain.root_domain not in~ (
 'intuit.com',
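Review bot: The new `or strings.icontains(body.current_thread.text, 'Powered by QuickBooks')` branch has no strength gate comparable to the `.confidence in ("medium", "high")` check on the logo branch, so one phrase in the thread text now satisfies the brand-indicator group on its own, and the only thing keeping legitimate QuickBooks notifications out of the verdict is the `sender.email.domain.root_domain not in~ (...)` allowlist that follows; that dependency is worth stating in the rule. I would add a short comment above the new line, `// text fallback for invoices that carry the QuickBooks footer but no detectable logo; relies on the sender-domain exclusion below`, adjusting the stated reason to whatever motivated the change, since the commit does not say. As a point of style, the new literal uses single quotes while the neighbouring `"*invoice*"` and `"Quickbooks"` use double quotes; the brand-name casing difference ("Quickbooks" vs "QuickBooks") is harmless because `icontains` is case-insensitive. The enclosing `source: |` condition starts before and ends after this hunk.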