“For your safety” – Beware of fake ING-DiBa emails

“For your safety” – Beware of fake ING-DiBa emails

Cybercriminals are currently trying to obtain sensitive data from ING-DiBa customers with dubious fake emails. The fake email claims that a problem has occurred during a routine security check of the online banking system. It advises that customers should immediately log on to an external website to avoid troubles with their bank.

However, in reality, this is a phishing attack that tries to collect personal information. In the following blog article, you will learn in detail how to protect yourself from fake emails or phishing attacks.

The fake email from our example

Fake E-Mail

A German ING-DIBA fake email (click for zoom)

The adjacent picture shows the detailed structure of the fake email – allegedly sent by ING-DiBa – in an iPhone mailbox. In fact, the email is part of a mass phishing attack and the message was sent fraudulently to a variety of email recipients.

For example, the subject line states “For Your Safety (Reference Number: xyz)”, and the presumable arbitrary order of the combination was set to “kx5qrvnzx3h” in this case. Before we blackened the personal information for reasons of data protection, we noticed that both the recipient’s address and the sender’s address had the same information. This was already a first indication of a fake email.

This scam is not uncommon amongst perpetrators when it comes to gathering information about their randomly selected victims via phishing. Those affected are especially inclined to follow the attached link if the phishing or fake email is opened on a mobile device, as it is in this case. This is particularly true if they are actual customers of the bank mentioned in the email.

In everyday life, too, recipients of phishing emails are also quick to follow the link when receiving such an email. The attacker offers the targeted person appropriate options in case a recipient does not have an account with ING-DiBa. In our example, the recipient has the opportunity to follow a flashy red button and allegedly communicate that he is not a customer of ING-DiBa. The destination of the link, however, is a phishing website, which is intended to tap user data in a big way from the mostly unsuspecting victims. The fake security notification of ING-DiBa is not an isolated case.

6 tips to detect phishing or fake emails

With the following tips, you will be able to detect phishing or fake emails to protect yourself from being affected by such attacks.

Feature No. 1: The salutation

It is striking that either a standard phrase is used to address the target person, or the salutation is completely missing. Very rarely recipients of phishing emails are addressed with their whole name. This is due to the fact that fake emails are not isolated cases, but often automated emails which are sent out millions of times. Individual addresses are rather the exception. In our example there was no address at all.

Once the victim has entered his details into the according form fields and pressed the confirmation button, the cybercriminal is in possession of the login details. Now he can make orders in online shops under false names or get access to sensitive account or company data. The phishing attack has been successful.

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

Feature No. 2: Content of the email

A phishing mail is contextually designed to hide the true intentions towards the recipient at least until he first clicks on one of the attached links. These following baits are very popular with cyber crooks:

  • Fake emails in the form of alleged PayPal security notifications
  • Phishing emails which seem to come from banks or other institutions
  • Fake email notifications that seem to come from Amazon or Ebay
  • Fake security issues in social media accounts that need to be resolved promptly

This shows that cybercriminals are very creative when it comes to fooling their victims.

Feature No. 3: The call to action

Once the attacker has created and sent out his fake email, he urges the recipient to act. In this specific case, the targeted person is initially led to an external page by clicking on a link. This page usually resembles closely the login area of a bank, an online retailer or any other company that offers certain Internet services.

Feature No. 4: The time shortage

An effective means often used by attackers is the limitation of time. This is an attempt to put the victim under stress and distract it. In our example, this is stated as follows: “Please log into your account as soon as possible to avoid any delay in your banking activities.”

Fear-spreading phrases in the subject line, such as “Your account has been suspended” or “An amount has been debited from your account” are also quite popular and common. These sentences cause some recipients to panic, so they follow the attached link without much thought.

Feature No. 5: Questionable buttons and links

In order to successfully carry out the process of phishing, a related link in text or button form is part of the standard repertoire of any phishing or fake email. This is also the case in our example.

Therefore, when it comes to questionable security queries that have a link, we recommend that you do not access these links from your email program. Instead, you should always directly log in to your user accounts via a browser or via the official website of the provider. This applies to online services of any kind.

Feature No. 6: This is how reputable companies and institutes work

As far as the detection of phishing emails or fake emails is concerned, it should always be remembered that reputable companies or institutes would never ask you to disclose personal information via email.

For this reason, various banks regularly point to the problem of fake emails or the so-called phishing mails. One bank states for example:

“Volksbank Raiffeisenbank or BVR will never ask bank customers for personal information such as PIN or account number via email. Neither will we insert a link to online banking in emails or ask bank customers to make test or remittance transfers. These practices are always indicators of attempted fraud.” (Source: Volksbank Raiffeisenbank)

Therefore, you can delete such an email immediately. This is ultimately the simplest way to counter a phishing attack.

Additional service information

Dangerous Amazon phishing emails cause trouble

Dangerous Amazon phishing emails cause trouble

Reputable and hardly suspicious – that’s how phishing emails, which have been circulating for several months and which allegedly come from Amazon, reach the mailboxes of many users. The reason for this is that those emails do not appear to be a cunning fraud but quite the opposite. They are so good in copying the design of a real Amazon email that they are hardly indistinguishable for end users. In addition, the cybercriminals use a personalized form of address in these phishing emails, which adds weight to the credibility of the email.

Example of such an Amazon phishing email

Example of such an Amazon phishing email (Click to enlarge image).

A phishing email personalized in this way is referred to as a “spear phishing attack”. These targeted attacks aim specifically at a single person or group of people. The behavior and personal data of target persons are spotted in advance in order to personalize the spear-phishing email the best possible way. Those fraud emails can only be identified through the sender address with which they were sent. These can, for example, be as follows:

  • mail@ama-aktualisierung-2017.site
  • sicherheit@amazon.de
  • info@amazon.hr
  • info@amazon.si
  • kundenservice@onlinehome.de

More detailed information about possible sender addresses, the structure of phishing emails and content can be found here.

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

What do the attackers want to achieve?


Referring in the email to the Federal Data Protection Act, the victims are requested to verify their data. By clicking on a link, they are redirected to a fake website that is almost indistinguishable from the real Amazon site. On closer inspection, only the URL used does not match that of Amazon.

On the fake sites, the people concerned should then disclose data of themselves. Otherwise the hackers threaten to block access to the account, as shown in the example above. This is, of course, a hollow statement. Anyone who responds to this request, however, transmits his data directly to the fraudsters. The cybercriminals use the obtained data to make purchases at the expense of the person concerned or to misuse them for other criminal activities.


Does Hornetsecurity Advanced Threat Protection detect fake emails?


Hornetsecurity Advanced Threat Protection is able to detect the new Amazon phishing emails as well as other targeted attacks. Safety mechanisms including Fraud Attempt Analysis, Identity Spooning Recognition and Intention Recognition can filter out threats of this kind. A loss of sensitive data can thus be prevented and Amazon phishing emails do not even get into the mailboxes of a company or employees.

Additional service information

DDoSage too high for your own protection measures

DDoSage too high for your own protection measures

When Denial-of-Service-attacks paralyze organizations


You often read news reports which state that a DDoS attack was responsible for the breakdown of a company’s website. Such an attack uses hijacked systems to intentionally generate a flood of data which paralyzes a company. Amongst others, email servers are frequently subject to DDoS attacks.


These attacks lead to the unavailability of websites and other services for a certain period of time. This outage of service can span from a few minutes to a few hours and even multiple days. Downtime – a nightmare for every organization.


DDoS attacks are not only able to hit the IT-structures of big international firms, which usually have well-engineered security concepts, they can harm smaller companies as well. Public institutions, administrations and authorities are also targets of these attacks. The reasons behind them are manifold: They can be traced back to the pure enjoyment of ‘destruction’, but the intentional harm of competitors or foreign governments can also be motives for these actions. Even hate and vengeance often cannot be ruled out here. For this reason, resorting to a reliable security system is inevitable.


DDoS attack: Digital vandalism impairs reputation


Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

Each second in which, for instance, a mail server or certain kinds of website services are unavailable is expensive for an organization. This is especially true for companies which primarily process their transactions and offer their products and services online. The same goes for business divisions which handle their customer support services using email. The costs, however, do not only derive from the lost revenue during downtime. Having to quickly take measures of defense and potentially needing assistance from external experts can likewise become a cost driver. On top of everything, the impairment of the company’s reputation is another problem.


A company which the customer does not trust will not be able to have a solid long-term business base. For this reason, it is understandable that nearly 50 percent of affected companies keep quiet in the event of a cyber-attack. The fear of having to publicly admitting to a damage of their image is too severe.

This form of damage control might work in cases of simple cyber-crimes. It does not suffice however when it comes to DDoS attacks or forms of attacks that are a lot more complex. That is because these attacks do not only disrupt the activities and processes of the business unit, but often also cut through to the outside. Customers then notice these disruptions since they are directly affected by them as well.


Reliable IT security concepts are the solution


Companies should therefore be ready for DDoS attacks and every other form of cyber-attack. Security solutions such as the Hornetsecurity spam filter service are able to recognize a DDoS attack on a mailing server early enough and to fend them off. In the case of more complex forms of attack, like ransomware or identity theft, it is recommendable to use Advanced Threat Protection. This is a security solution which reliably recognizes and inhibits ransomware, blended and targeted attacks as well as digital espionage. Advanced Threat Protection’s (ATP) special analysis engines ensure this process. You can learn more about this here.


How can companies protect themselves from a DDoS attack?


But back to DDoS attacks. To prevent these, companies and authorities should take certain security precautions. What to do to effectively protect oneself from a DDoS attack.


1. The explosiveness of a DDoS attack


In principle, every organization can become the target of such an attack. Ultimately every firm and every administration must ask itself: “What would be the consequences of an outage of the mail server for me?” This question is important as the force of a DDoS attack can take shape in different strengths in the business environment. Downtime will be severely worse for a retailer who manages his shop online, compared to a local craftsman’s establishment. The result however is not much different for either of them. In the end, both want to maintain communication with their customers via email. For this reason a security concept is absolutely essential.


2. IT risk management


It is also important that the company takes precautions and implements specific courses of action in case of a DDoS attack. Should it come to a cyber-attack, a contact person should be immediately available. This could be an IT security officer in the company itself or an external employee of an IT service company, which offers appropriate security services and looks after IT security management.


3. Response to blackmail


Similar to ransomware, a successful DDoS attack, as a popular method, can be attached to a claim for money. This is a profitable business model for cyber criminals. This is especially true because the affected companies often agree to the offenders’ claims to avoid allegedly severe consequences. The BSI advises not to be susceptible to blackmail and to refuse to pay these respective sums of money. Instead, those affected should get the police involved and get support from professional IT security experts.


4. Implementation of defensive measures


The most important measure to avoid a DDoS attack is to not let it occur in the first place. For this purpose a competent IT security solution is vital – ideally, one that is cloud-based. The reason for this is that these providers have a much more powerful infrastructure and are able to parry even severe attacks without problem. In addition to that, customers do not have to worry about the installation and maintenance of the hard and software.


Additional information:



Interview with Tsigab Gebre – Trainee Service Operations Center

Interview with Tsigab Gebre – Trainee Service Operations Center

Tsigab is doing an apprenticeship at Hornetsecurity. He is from Eritrea and has been in Germany for only three years. Today we would like to introduce him to you.


Please briefly introduce yourself to us.

My name is Tsigab, I’m 26 years old and I’m living in Germany for three years now. I’m originally from Eritrea, which lies north of Ethiopia. In April I started working at Hornetsecurity as an intern and now I am an apprentice here.


Why did you applied to Hornetsecurity?

I have been interested in the job description of an IT-specialist for a while now and was able to gain some experience in my three years in Germany. I came across Hornetsecurity at the employment agency and applied directly for the advertised position.


What does your work routine look like?

At the moment I’m working in the area Service Operations, where I independently create spam rules for our spam filter service. I make sure that spam emails are recognized by our filters and treated as such. In addition, I get a good insight into other tasks that come up here at Hornetsecurity. Right now I’m being introduced to the Linux-administration and Bash Script.

You already mentioned it: What have you done before your internship at Hornetsecurity?

It is five years since I first worked in the IT field. Next to repairing computers I also made simple configurations of web servers and networks. From these previous experiences I benefit now. Now I want to improve my expertise and with Hornetsecurity I’ve found the right partner for that.


What do you do outside of the Hornetsecurity offices?

I like spending time with my friends in the garden. We love to care for plants and plant something new. To see how a small seed grows to a beautiful plant is triggering a positive feeling. After the gardening comes of course the pleasure. We relax and look proudly at our work. I always take my laptop computer with me because we occasionally like to play videogames. Furthermore, I like reading books and listening to music. If the weather is nice, I like taking a walk in Hanover to become familiar with my surroundings.


What is your decisive argument for going to work with pleasure?

Clearly my colleagues, who integrated me kindly into the team right from the start. I can always rely on their helpfulness. So I felt comfortable right from the beginning. The work at Hornetsecurity comes right after that. I really enjoy my work, which is very versatile because of the insights into the different departments.


You have been in Germany for three years. What are your plans for the next three years?

Firstly I want to continue my apprenticeship at Hornetsecurity and, of course, finish it successfully. Then it is my wish that I can continue my career at Hornetsecurity as a permanent employee.


Interview with Alexander Spaller – Regional Sales Manager

Interview with Alexander Spaller – Regional Sales Manager

LiveZilla Live Chat Software

Alex is working in the sales department at Hornetsecurity since the beginning of 2016. He provides us with some useful insights into his work environment.


What were your previous career steps?

After my commercial traineeship, I worked in the sales department at DELL in Halle for 5 years. At first, I was employed as an account manager. As a project manager of a specialized sales team, I was then responsible for major projects with public clients. My next career step led me to an IT security system reseller for more than two years, for which I was employed within the field service in the area Berlin-Brandenburg. After that I got to Hornetsecurity.


How did you get to the IT?

During my apprenticeship, I discovered my talent for distribution and I soon realized that the IT offers an incredible sales potential.


What motivates you personally?

Within the sales department I have the possibility to actively contribute to the corporate growth. This is a great motivation for my daily work.


Why did you choose Hornetsecurity as your employer?

Hornetsecurity is a rather young company and is characterized by flat hierarchies, high flexibility and great development opportunities with regard to management positions – these are all things that are very important to me. Furthermore, the products are in touch with the latest trends, because currently the market for cloud security is in a period of rapid development. Besides my passion for IT-security-products I’m also interested in contributing to the development of this market and in using the tremendous potentials in the field of distribution.


What are your tasks at Hornetsecurity?

As a regional Sales Manager I have two kinds of tasks. Firstly, I’m responsible for the support of sales partners in the area NORD. This includes on-site training courses, joint webinars and common customer meetings amongst other. Moreover, I support strategically important end customers.


What would you recommend to potential candidates for the sales department at Hornetsecurity?

Anyone who wants to work in our sales department should like to explore the large and increasing market of cloud security. A good organizational talent is important as well as a strong “hunting instinct” at the acquisition of sales partners and customers, independence, readiness to travel and interest in IT-security.


How are you supported at Hornetsecurity?

My individual support from the company is very multifaceted. On the one hand, there was a high degree of responsibility that was transferred to me at an early stage, which both challenged and encouraged me personally. On the other hand, there are possibilities to get internal as well as external training courses, which are specifically tailored to me.


What were you able to improve and which personal skills were you able to foster at Hornetsecurity?

Due to my professional activity, I was able to intensify the relationships to many customers and partners so that I could directly increase sales and indirectly improve the market perception of our products. From a personal perspective, I was able to train and improve my organizational and presentational skills.