diff --git a/detection-rules/impersonation_usps.yml b/detection-rules/impersonation_usps.yml
index 9c9ba2811c4..c77383d29c4 100644
--- a/detection-rules/impersonation_usps.yml
+++ b/detection-rules/impersonation_usps.yml
@@ -4,7 +4,10 @@ type: "rule"
 severity: "high"
 source: |
   type.inbound
-  and any(ml.logo_detect(file.message_screenshot()).brands, .name == "USPS")
+  and (
+    any(ml.logo_detect(file.message_screenshot()).brands, .name == "USPS")
+    or sender.display_name =~ "USPS"
+  )
   and length(body.links) > 0
   and 2 of (
     any(body.links,
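Review bot: The new `sender.display_name =~ "USPS"` clause is a case-insensitive equality test, so it only fires when the display name is exactly "USPS" and misses the common impersonation shapes such as "USPS Delivery" or "United States Postal Service - USPS"; if a substring match is the intent, the clause should read `or strings.icontains(sender.display_name, "USPS")`. The display-name branch also widens the rule to messages with no USPS logo at all, so unless an exclusion for the legitimate sender domain exists further down the `source` block (which continues outside this hunk), genuine USPS notifications may now satisfy this condition and rely solely on the remaining `2 of (` link heuristics to avoid alerting. The rule's `name`/`description` are not in the hunk; if they describe the detection as logo-based they likely need a matching update.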