diff --git a/detection-rules/link_deactivated_bitly.yml b/detection-rules/link_deactivated_bitly.yml
index cb78681c762..3f6202ab040 100644
--- a/detection-rules/link_deactivated_bitly.yml
+++ b/detection-rules/link_deactivated_bitly.yml
@@ -11,7 +11,7 @@ source: |
 // link doesn't forward through
 and beta.linkanalysis(.).effective_url.domain.domain == "bit.ly"
 // blocked or gated by bit.ly
- and strings.ilike(beta.linkanalysis(.).final_dom.display_text, "*link*blocked*", "*flagged*by*")
+ and strings.ilike(beta.linkanalysis(.).final_dom.display_text, "*link*blocked*", "*flagged*by*", "*been*deactivated*")
 )
 attack_types:
 - "Credential Phishing"
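Review bot: The comment above the changed `strings.ilike` call still reads `// blocked or gated by bit.ly`, although the added `"*been*deactivated*"` pattern covers a third state; I would change it to `// blocked, gated or deactivated by bit.ly` so the comment matches the condition. The new glob is also loose, since it matches any display text that contains "been" followed later by "deactivated". If Bitly shows the same interstitial for links deactivated for non-abuse reasons, the rule could flag benign older mail unless conditions outside this hunk already narrow the sender or message. The `source` expression begins and ends outside the hunk, so that narrowing cannot be confirmed from here.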