diff --git a/detection-rules/qr_code_suspicious_indicators.yml b/detection-rules/qr_code_suspicious_indicators.yml
index b929c268a99..f040f97c35c 100644
--- a/detection-rules/qr_code_suspicious_indicators.yml
+++ b/detection-rules/qr_code_suspicious_indicators.yml
@@ -19,7 +19,6 @@ source: |
 and not sender.email.domain.root_domain in $org_display_names
 and (
 any(recipients.to, strings.icontains(sender.display_name, .email.domain.sld))
- or any(recipients.to, strings.icontains(body.current_thread.text, .email.local_part))
 or length(body.current_thread.text) is null
 or body.current_thread.text == ""
 or regex.contains(subject.subject,