diff --git a/detection-rules/brand_impersonation_irs.yml b/detection-rules/brand_impersonation_irs.yml index 2e6bdb9a123..0dcdcfe9739 100644 --- a/detection-rules/brand_impersonation_irs.yml +++ b/detection-rules/brand_impersonation_irs.yml @@ -22,6 +22,10 @@ source: | .name == "Government Services" and .confidence != "low" ) ) + or any(ml.nlu_classifier(body.current_thread.text).entities, + .name == "sender" and regex.imatch(.text, 'I.?R.?S') + or strings.contains(.text, "Internal Revenue Service") + ) ) and ( (
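Review bot: In the added `any(...)` over `.entities`, `and` most likely binds tighter than `or`, so the `strings.contains(.text, "Internal Revenue Service")` branch is not restricted to `.name == "sender"` and would be satisfied by any entity carrying that phrase, for example an organisation named in a legitimate message from a tax preparer. If the sender restriction is meant to cover both tests, group them: `.name == "sender" and (regex.imatch(.text, 'I[.\s]?R[.\s]?S') or strings.icontains(.text, "Internal Revenue Service"))`. The narrower character class matters because `.?` accepts any character, so with case-insensitive matching a sender entity such as "Iris" also satisfies `I.?R.?S`; `strings.contains` is also case-sensitive, so an all-caps or lower-case spelling of the agency name is missed. The enclosing `source` expression starts and continues outside this hunk, so conditions not visible here may narrow the match further.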