diff --git a/detection-rules/attachment_adobe_image_lure.yml b/detection-rules/attachment_adobe_image_lure.yml
index 85abe73c278..02fe1f82960 100644
--- a/detection-rules/attachment_adobe_image_lure.yml
+++ b/detection-rules/attachment_adobe_image_lure.yml
@@ -102,6 +102,11 @@ source: |
 // exclude solicited senders
 not profile.by_sender_email().solicited
 or profile.by_sender_email().prevalence == "new"
+ // include solicited senders where prevelance is rare
+ or (
+ profile.by_sender_email().prevalence == "rare"
+ and profile.by_sender_email().solicited
+ )
 or length(recipients.to) == 0
 // domains for recipients to/cc must be valid
 or (
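Review bot: The comment introducing the new clause misspells the attribute it refers to, `// include solicited senders where prevelance is rare`; the line beneath it tests `profile.by_sender_email().prevalence == "rare"`, so the comment should read `// include solicited senders where prevalence is rare` so a search for the attribute name also finds this exception. The `and profile.by_sender_email().solicited` term inside the new parentheses is logically redundant, because the existing `not profile.by_sender_email().solicited` two lines above already admits every unsolicited sender, so the group is equivalent to a bare `or profile.by_sender_email().prevalence == "rare"`; keeping the conjunction for readability is defensible, but the comment should then make clear it restates intent rather than narrowing the match. Either way the edit widens the condition to solicited senders with rare prevalence, which presumably increases false-positive exposure on legitimate but infrequent correspondents, and the commit gives no indication of how that was checked against benign samples. The enclosing boolean expression starts before this hunk and the `or (` on the last context line is closed outside it.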