diff --git a/detection-rules/link_microsoft_low_reputation.yml b/detection-rules/link_microsoft_low_reputation.yml
index eb4fec631e1..104b8c3d75a 100644
--- a/detection-rules/link_microsoft_low_reputation.yml
+++ b/detection-rules/link_microsoft_low_reputation.yml
@@ -61,7 +61,7 @@ source: |
                    "*fax*",
                    "*storage*",
                    "*quota*",
-                   "*messages*"
+                   "*message*"
      )
      and strings.ilike(body.plain.raw,
                        "*terminated*",