diff --git a/detection-rules/body_business_email_compromise_new_sender.yml b/detection-rules/body_business_email_compromise_new_sender.yml
index 0e08aa21cdb..700e3367743 100644
--- a/detection-rules/body_business_email_compromise_new_sender.yml
+++ b/detection-rules/body_business_email_compromise_new_sender.yml
@@ -6,7 +6,7 @@ severity: "medium"
 source: |
 type.inbound
 and any(ml.nlu_classifier(body.current_thread.text).intents,
- .name in ("bec") and .confidence == "high"
+ .name in ("bec") and .confidence in ("high", "medium")
 )
 // negating legit replies
 and not (
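Review bot: Accepting "medium" classifier confidence on the `+` line widens the rule to lower-quality NLU verdicts, but nothing else in the hunk compensates for the precision loss and the rule keeps the same "medium" severity, so every medium-confidence BEC intent on an inbound message now fires unless the exclusion block below removes it. Consider keeping the high band unconditional and requiring a second signal for the medium band inside the same predicate, e.g. `.confidence == "high" or (.confidence == "medium" and <additional indicator>)` — the file name suggests a new/first-time-sender condition is the intended corroborating signal, but that cannot be confirmed from the hunk. At minimum, document the deliberate relaxation above the predicate, e.g. `// medium confidence accepted deliberately to raise recall; watch FP rate and revisit`, so a later tuning pass does not read it as an accident. The `and not (` exclusion block that would constrain these matches starts on the hunk's last line and continues outside it, so whether it already offsets the broader gate cannot be judged here.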