diff --git a/detection-rules/spam_meta_social_marketing.yml b/detection-rules/spam_meta_social_marketing.yml
new file mode 100644
index 00000000000..96d87456d89
--- /dev/null
+++ b/detection-rules/spam_meta_social_marketing.yml
@@ -0,0 +1,18 @@
+name: "Spam: Meta Social Media Marketing"
+description: "This rule detects spam related to offering Meta (Facebook) social media marketing. The messages typically offers a certification using a coursera course."
+type: "rule"
+severity: "low"
+source: |
+ type.inbound
+ and any(recipients.to,
+ strings.icontains(body.current_thread.text, strings.concat("Dear ", .email.email))
+ )
+ and strings.icontains(body.current_thread.text, "Meta") and strings.icontains(body.current_thread.text, "Social Media Marketing")
+
+tags:
+ - "Attack surface reduction"
+attack_types:
+ - "Spam"
+detection_methods:
+ - "Content analysis"
+id: "a0a1b464-8374-599b-b47a-4af867da28b0"
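Review bot: The final condition's `strings.icontains(body.current_thread.text, "Meta")` is a case-insensitive substring test, so any thread mentioning "metadata", "metal" or "meta tags" alongside the phrase "Social Media Marketing" satisfies it; a word-bounded match such as `and regex.icontains(body.current_thread.text, '\bMeta\b')` on its own line, followed by `and strings.icontains(body.current_thread.text, "Social Media Marketing")`, keeps the intent while avoiding that false-positive class. The description also says the messages offer a certification via a Coursera course, but no condition in `source` checks for that, so either the description should be narrowed to what the logic actually evaluates or a corresponding content check added. Minor wording in the description: "The messages typically offers" should read "The messages typically offer", and "coursera" is the proper noun "Coursera".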