diff --git a/detection-rules/impersonation_human_resources.yml b/detection-rules/impersonation_human_resources.yml
index afa449157b2..0e4a77e8fe4 100644
--- a/detection-rules/impersonation_human_resources.yml
+++ b/detection-rules/impersonation_human_resources.yml
@@ -8,6 +8,10 @@ source: |
 and regex.icontains(sender.display_name, '(\bh\W?r\W?\b|human resources|hr depart(ment)?|employee relations)' )
+
+ // Negate common marketing mailers
+ and not regex.icontains(sender.display_name, 'HR (Events|Expert)')
+ and (0 < length(body.links) < 10 or length(attachments) > 0)
 // Request and Urgency
 and any(ml.nlu_classifier(body.current_thread.text).entities, .name == "request")
@@ -36,6 +40,7 @@ source: |
 )
 or sender.email.domain.root_domain not in $high_trust_sender_root_domains
 )
+
 attack_types:
 - "BEC/Fraud"
 - "Credential Phishing"
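Review bot: The new marketing-mailer exclusion keys only on `sender.display_name`, a field the sender fully controls, so any message whose display name matches `HR (Events|Expert)` now skips the rule regardless of who sent it; the false-positive fix should be scoped to a trusted origin rather than to the name alone, e.g. `and not (regex.icontains(sender.display_name, 'HR (Events|Expert)') and sender.email.domain.root_domain in $high_trust_sender_root_domains)`, reusing the trust list the rule already references in the second hunk (if that block also checks authentication, gate on that too). The added `0 < length(body.links) < 10 or length(attachments) > 0` requirement also drops link-free, attachment-free messages, which is the usual shape of the plain-text payroll and gift-card requests covered by the "BEC/Fraud" attack type listed below, so confirm that reduction in coverage is intended and note it in the `// Negate common marketing mailers` comment. The enclosing `source:` block starts and ends outside both hunks.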