Experts interview: Dr. Yvonne Bernard about Artificial Intelligence


 

The topic of artificial intelligence currently dominates every discussion about digitization. As a former researcher on open systems and on trust and security mechanisms, our Head of Product Management Dr. Yvonne Bernard was prompted by this development to take a closer look. In her recently published article “AI – the same procedures as last century?” she provides a view behind the current hype. In the following interview with Yvonne, we explore the background of this technology, look at the implementation of artificial intelligence in an entrepreneurial context, and conclude by discussing its potential in IT security.

 

So, what made you decide to take a further look at AI?

Especially in recent years, I have seen an enormous increase in AI technologies applied and – perhaps more importantly – advertised by technology companies and vendors around the world.
Since I have been dealing with this topic in research and teaching for several years, I was really curious: Have the mechanisms that I used and taught at Leibniz Universität Hannover developed further? Basic research takes up to 20 years, as they say, to be separated (if at all) from basic research in business-relevant technology, but to be honest, some of the features we used back then, such as artificial neural networks, were already older than me.

 

If you say this technology has been around for decades, why is it actually being applied just now?

Nowadays, what makes the implementation of AI technologies really worthwhile is the possibility to store and process large amounts of data and to adapt the processing schemes if necessary. Big data doesn’t mean storing everything and then looking at what you do with it: you have to think about data types in order to calculate efficiently and effectively on the basis of these data volumes. Also, the promotion of these technologies, which have been in use for years, has of course made its contribution to the hype. Furthermore, the growing number and quality of libraries that are available to the public and not only to researchers is a further aspect. You don’t have to spend much time looking for suitable software or frameworks to realize your AI ideas in functional code. Frameworks such as TensorFlow, Caffe and CNTK can be mentioned here. Thus, AI is increasingly used for the fast and (nearly) optimum solution of real problems.


 

What has made the use of AI possible in companies and what is the necessity?

As already mentioned, the increasing number and quality of libraries and the possibility to work with large amounts of data are the main growth drivers of the use of AI in the business environment. In addition, completely new and additional techniques such as supervised machine learning can be applied. In this case, a certain amount of the available total data is used, which is assumed to be very similar to the data for which the algorithms are trained. An “unlearning” of desired characteristics is thus to be excluded.
To compare: In research laboratories, it is always important to make sure that the algorithms to be applied are well parameterized and suitable for the targeted data set. In business life one often does not want to and cannot spend this time to evaluate every possible parameter set. Moreover, a learning algorithm that learns something unexpected is great for a researcher but cannot be tolerated in business.

 

In which industries and processes do you see the greatest opportunities for the application of artificial intelligence?

It is safe to say that AI will not be the only solution to each of today’s problems. But there are areas where AI techniques are easier and more accessible than ever, and nothing should prevent developers and system developers from using the former pure research technology in any way that helps them find a good (or if possible the best) solution to their real problems. I would like to emphasize that – also at Hornetsecurity – many procedures from the quantity of AI methods have already been used successfully for years. In the past, however, such techniques were not advertised consciously, whereas today AI is perceived as a quality criterion or at least as an innovation. In general, the application is generally widespread in the area of optimization procedures and is also recommended, since simple heuristics are often not sufficient in terms of quality, but the determination of the optimal solution would not be possible in the desired time due to the complexity of processing times. Suitable learning methods can achieve excellent results in a short time – if you know how to use them wisely. Optimization processes can be found in almost all industries.

And finally: Do you think that artificial intelligence will influence and change IT security?

Yes, absolutely, but in both ways: Not only security research, but also attackers will increasingly use the accessibility of these technologies. With our comprehensive understanding and many years of experience in this field of algorithms, Hornetsecurity is well prepared for this “Arms Race”.

Ghidra – Reverse Engineering Tool of the NSA


On March 5, 2019 the long-awaited reverse engineering tool of the US intelligence agency NSA was presented at the RSA Conference. Our Head of Product Management Dr. Yvonne Bernard attended the event and shares her impressions below.


Ghidra! – Even our Security Lab is curious to see what the tool, which the NSA will publish as “Open Source Software”, has to offer. Reverse engineering tools are rare and expensive – but essential for security researchers and malware analysts to get to the bottom of suspicious files. Interest in the lecture by Rob Joyce, Senior Advisor for Cybersecurity (NSA), was accordingly enormous, and the lecture room had to be enlarged. Rob Joyce started his lecture with a touch of humor, because he realized that half of the audience was only present because “NSA” appeared in the title.
Right away, he made clear that the tool has no backdoor: if there is one community where you could not permit one, it is this community. That may be different with open operating systems – “Each of your Android phones has a little bit of NSA in it”. However, some rumors on the web dispute the statement that Ghidra has no backdoors – the Java debug port is currently under discussion.


Ghidra offers a wide range of useful features for security researchers and has been designed for collaborative use: analysts can collaborate on a project basis and share information easily and globally. This is one of the goals the intelligence agency set itself with the release.
Because the tool is easy to extend, researchers can add their own tools and integrate their own small applications, e.g. in Java or Python.
A generic processor model (Sleigh) in the background makes it possible to observe directly, at all levels, the effects of changing individual parts of the binary, and thus to understand foreign software better. In addition to the interactive user interface, batch processing is also possible to perform large quantities of analyses simultaneously.

Another important feature is the Undo/Redo function, which can be applied to undo certain actions without understanding the complete analysis results. It can also be used to transfer actions to other samples.
The first impression of the tool is very promising, but Hornetsecurity only tests the software in isolated secure environments for data examples that are suitable for this purpose – because some skepticism remains.


Social engineering – How hackers get at your data without programming skills


“There’s no technology today that can’t be overcome through social engineering.” (Kevin Mitnick, former hacker and social engineering expert)

Even with the best technical security precautions, every company has a risk factor that is difficult to control: the human one. To get hold of important data or gain access, a hacker needs to understand not only computers but also people. What exactly is social engineering and how can you protect yourself? We will answer key questions about this in the article below.

What’s behind “social engineering”

Social engineering is all about manipulating individuals on an interpersonal level. It involves the hacker trying to gain their victim’s trust and persuade them to reveal confidential information, for example, or to share credit card details and passwords.

The method is not something that only occurs on the Internet, but a scam tactic that has been used for many decades. One of the best-known ploys is the “grandparent” scam, where a fraudster telephones an elderly person and passes themselves off as a relative in desperate need of money (German police program for crime prevention, 2017).

Criminals also regularly use social engineering for financial gain through online dating services. A seemingly young, attractive woman will contact a man who is obviously looking for a new partner. The imposter plays their single-woman-in-love role well enough to win the victim’s trust in a relatively short time. Then the criminal asks the victim to help them with money for something like visiting their “new partner” – after which they often cut off contact.

Social engineering attacks on companies

If social hacking works in the private sphere, then businesses are the next target up for criminals – chiefly because there are often higher sums of money up for grabs here. Hackers follow much the same approach as with private individuals, although obtaining the information needed for a professional attack takes significantly more time. This makes the following information especially relevant for cybercriminals:

  • Who is the head of the company (CEO) and which individuals are in leadership positions?
  • Who is authorized to make bank transfers?
  • When is the CEO on vacation or out of town for a work trip?
  • What business activities are currently happening?

Hackers will usually target an employee who is authorized to carry out financial transactions, sending them an urgent message from a fake email address that looks like it has come from the boss.


Due to the apparent urgency of the request, the email recipient then finds themselves rushing to follow their superior’s instructions without asking any significant questions. Once the data has been sent, the cybercriminal goes straight to work or money is transferred directly to the social hacker’s account. In 2016, large enterprises like Austrian aeronautics supplier FACC and Nuremberg-based cable manufacturer Leoni learned hard financial lessons about this modus operandi when they suffered losses of several million euros.


But be warned – CEOs and people in accounting are not the only ones who are vulnerable:

“Hey,
Felix from IT here. I’ve noticed a couple of irregularities with your account on our system. Can you give me your login details so that I can check it out?

Regards, Felix”

How would you react to a message like this? Would you reply? You may not know everyone in IT, but Felix appears to be a coworker and looking to help you safeguard internal IT security.

In large firms especially, most employees will not be familiar with the whole IT team. Anyone trusting such an email makes it possible for sensitive data to be stolen and puts many other areas of a business besides IT security at immense risk.

Phishing: the impersonal form of social engineering

A less laborious type of social engineering is the classic phishing email. This usually involves fake PayPal emails containing a link to a simulated website so much like the original that it is difficult to notice any deception. The email will ask people to update or verify their login details on this website, but doing so delivers the data directly into the hands of the scammers.

Unlike a personalized email, these messages are highly generic. The classic phishing email is based on a simple and less costly method, which means huge volumes of emails are sent. Even if only a fraction of the recipients fall for the ruse, hackers will have found the social engineering attack worthwhile.

Social engineering needs no programming expertise

Technical obstacles are overcome simply by employing psychological tricks, with hackers exploiting people as the weakest link in the IT security chain. Even the most secure vault in the world can be opened if the access details are handed over to unauthorized individuals. This saves the criminal a great deal of technical effort and lessens the chance of them being detected by IT security measures.

If you had replied to the email from Felix above, the hacker would have infiltrated the company network within a few minutes. No effort, no programming skill, no great risk. Criminals leverage employees’ fundamental trust and curiosity in order to steal data or money.

How can I protect myself and my company against social engineering?

Organize preventive training sessions on a regular basis to educate yourself and your colleagues about the dangers of fake emails. Regular information emails can also help to raise awareness of the issue.

As long as criminals have not gained access to an employee’s or the CEO’s email account, there are several different ways to recognize fake emails:

  • Verify the sender address: Check the sender address carefully. Is the email address really correct? Have any letters been swapped, maybe? Or an upper-case I replaced with a lower-case L? There will often be an automatically generated and untraceable second email address behind the first one. If you think an email is suspicious, you can take a closer look at the header. Information like the actual sender and the server that the message was sent from can all be found in an email’s header. In most cases, the sender is the clearest criterion for identifying a fraud attack.
  • Check first hand: Contact colleagues directly if you’re unsure. Call the person in question or speak with them face to face.
  • Rhetoric: With CEO fraud attacks especially, it is important not to let yourself be intimidated. Ask yourself whether the boss really wants to transfer €20,000 into an unknown account without anyone’s knowledge. Or consider whether your IT colleague Felix could in fact have noticed “unusual activity” and why that would make him require your login anyway. And even as a private individual – if you receive a surprising email from a company where you are a customer, it can help to make a brief call to their support team.
  • Pay attention to spelling mistakes: Phishing emails, in particular, are full of misspelled words; from an incorrectly written name to sloppy language that suggests the text was not written by a native speaker but perhaps translated by automated language software.
  • Don’t click on links directly: If the content of an email leaves you in any doubt, the best thing is not to click on any links inside it and instead to access the website concerned directly through your browser. For example, if Amazon asks you to update your details, then you should go directly to Amazon.com and look for a corresponding message there. If there is nothing to be found, you have likely received a phishing email.
  • Hover over links: Before you open a link, mouse over it. With most browsers, a small window will open in the bottom left. This is the URL which will be accessed when the link is clicked. Checking the URL provides information about the true destination of the displayed web address.

Google phishing quiz: Your free awareness check

A few weeks ago, Google created a security quiz in response to the sharp growth in phishing attacks. This quiz challenges you to try and spot a phishing email. Can you see through any social engineering attack? Find out now!

Additional safeguards with Hornetsecurity Advanced Threat Protection

Classic phishing emails will generally be identified and weeded out immediately by a good spam filter. A personalized social engineering attack, however, is not much different from a perfectly ordinary email. These unwanted emails will therefore end up in your inbox in spite of spam filtering.

Advanced Threat Protection goes a step further: various deep filters and heuristic detection mechanisms will uncover almost any fake email. With the help of AI, the filter learns from every attack and thus improves its detection rate on a daily basis. Advanced Threat Protection covers many of the above points completely automatically.
Ultimately, though, you should always question every email and be cautious about sharing data.

Malware – The Cyber Century’s Growing Threat


In the last two years, malicious programs like WannaCry, Petya and Ryuk have made it abundantly clear that malware and cyberattacks are entirely capable of bringing companies with inadequate cybersecurity to the brink of a shutdown and even driving them to bankruptcy.

During 2018, the Hornetsecurity Security Lab noticed a massive increase in emails with harmful attachments. The Emotet, Hancitor, Zeus and Trickbot trojans gave companies particular cause to be wary – in terms of email volume, these were among the biggest malware campaigns of 2018. A breakdown of malware attacks and their monthly incidence throughout 2018 is shown in the infographic. Hornetsecurity has analyzed the individual campaigns and painted a clear picture of what formats and files were concealing malicious software.

Malware is now the biggest threat to businesses, as according to the BSI (Federal Office for Information Security) report on “The State of IT-Security in Germany 2018”, 57 percent of all recorded cyberattacks can be traced back to malware infections. Email communication is the main method of transmission – masquerading as a harmless email, malware may be hiding in an attached Office file, for instance.

Ransomware, cryptominers, and spyware can lurk in Word documents as well as behind web links, and are among the varieties of malware most favored by cybercriminals. While malware sent via indiscriminate mass email (also known as spam) has declined sharply in recent years, businesses in particular are more and more often subjected to targeted and complex attack campaigns. Hackers are increasingly using social engineering and spear phishing to sneak malware onto company operating systems.

Over the last two years, the proportion of all recorded email traffic that is infected with malware has risen to around 1.3 percent. When dealing with a volume of 1,000 emails per day, that means at least 13 emails will contain malware; for a company that receives several thousand emails a day, it means that without adequate email security, the risk of falling victim to a malware attack is extremely high. After all, this is a particularly lucrative approach for cybercriminals. The German industry alone lost a total of around EUR 43 million due to malicious software in 2017 and 2018.

Developments such as growing connectivity and changing communication platforms will likely increase malware attacks and associated losses even further. Cyber risks are among the greatest dangers of going digital. Ransomware, one of the most widespread types of malware, is a particularly promising source of profit for hackers. The fear of negative PR and the potentially far-reaching consequences of inadequately protecting internal data is too high.

The last few years show a clear trend in the spread of malware: attacks will continue to proliferate. Until companies consider email and cybersecurity a necessary requirement in safely maintaining corporate communication and operational processes, cybercriminals will keep cashing in at their expense.

Cybercrime: Ruthless, extremely complex and a never-ending story


No year before has made more headlines in digital crime than 2018. This is the conclusion of the latest edition of the Hornetsecurity Cyberthreat Report. Not only the quantity of crimes has increased rapidly, but also their quality. According to a spokesman for the State Criminal Investigation Office (LKA) Lower Saxony in response to a request from the German newspaper “Hannoversche Allgemeine Zeitung”, the number of criminal activities via the Internet alone has increased by 30% in recent years.

Cyberattacks such as Advanced Persistent Threats, Malware and Spam as well as the transfer of “typical” criminal activities to the online world are responsible for the rapid increase. These criminal activities include trading of weapons, drugs, illegal pornography and counterfeit papers. “The criminals use the possibilities of digitalization extensively, not only in communication”, says LKA spokesman Marius Schmidt. In particular, the Darknet is becoming increasingly significant.

The number of unreported cases is massive

According to the Cyberthreat Report, cybercrime is the world’s third largest threat after environmental disasters and political tensions. In 2017, the Federal Criminal Police Office (BKA) was able to identify almost 86,000 cases of cybercrime in Germany – an increase of four percent compared to the previous year.

The cost of the damage caused by cybercrime increased just as rapidly. Whereas cybercrime in Germany caused economic damage of 50.9 million euros in 2016, 71.4 million euros were lost in 2017. The worst thing about these numbers: they only cover financial damage from cases registered by the BKA. Experts estimate that this number represents only 9% of the total loss. That means more than 90% of cases go unreported.

But why is the number so high? Experts assume that cyberattacks are often noticed far too late, or not at all. However, in many cases they are not even reported to the relevant authorities by the companies concerned. This is due to the concern about loss of reputation and image. The latest massive cyberattack on the Marriott hotel chain is a classic example of such an incident. For years, hackers stayed unnoticed in the network of the world’s third-largest hotel group and, among other things, captured credit card data from half a billion customers. The German industry association Bitkom comes to completely different results due to such cybercriminal incidents. It recorded an enormous amount of damage of 55 billion euros.

Advanced Persistent Threats still very popular

As in 2017, the popularity of Advanced Persistent Threats among cyber criminals continues uninterrupted. With the attack on the French construction company Ingérop, the hackers once again proved the significant threat potential of such sophisticated cyberattacks. They succeeded in transferring malware into the IT infrastructure by means of a professionally designed phishing campaign on employees of the Group. This served as a door opener for a large-scale data theft. The hackers captured a total of 65 gigabytes of sensitive data, including construction plans for nuclear facilities and high-security prisons. Furthermore, sensitive personal data of a total of 1,200 Ingérop employees were stolen.

Also, the German armament company Krauss Maffei recently experienced an attack of this kind. Hackers penetrated the company’s IT systems and infected it with malware. The production process had to be shut down for a week afterwards. This was followed by an extortion attempt with a ransom demand.


Malware remains standard

Compared to Advanced Persistent Threats, malware is far less complex, but still very effective. In general, it is used to perform unwanted or harmful functions to users. The cyber criminals use malware to increase their income, for example. The great variety of malware makes it a very popular tool for hackers.

This popularity is also reflected in its distribution: between 2006 and 2017, the number of malware incidents increased constantly. Email communication is the main gateway to malicious file attachments. Office files are particularly popular as disguise. Every third malware sent disguised itself as a Word, Excel or PowerPoint file, as can also be read in the Cyberthreat Report.

Spam emails – threat potential increases

Spam is no longer as popular among cybercriminals as it was ten years ago. The Hornetsecurity Cyberthreat Report concludes that in 2018 not even every second email was a spam email. The situation was different back in 2009: At this time, it was almost 100 percent of all emails. Anyone who thinks that this trend is positive is unfortunately mistaken. Whilst ten years ago almost no spam email contained malware, today this is quite different. More and more emails are packed with malware such as viruses, Trojans, Ransomware or spyware.

To summarise: The battle is far from lost.

Even though the damage caused by cybercrime is steadily increasing and it is becoming increasingly difficult to cope with the complex threat situation, the final “battle” has not yet been fought. More and more companies are aware of the current threat situation and are implementing intelligent IT security concepts as well as effective Managed Security Services to prevent sophisticated cyberattacks.

While expenses for Managed Security Services added up to 4.27 billion US dollars in 2016, this amount will be doubled to 8.26 billion US dollars in 2021. Companies have realized that they need to prevent cyber threats from the very beginning. Once the threat has invaded the IT infrastructure, it’s already too late.

In our latest Cyberthreat Report you can find out in detail which trends and developments are currently particularly affecting the world of cybercrime and which dangers result from this.

Phishing emails – on a fishing trip at the data flow


The email from the principal bank came completely unexpected, its design very authentic, the content unsuspicious at first glance: “We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. Many recipients of such an email are not able to see the fraud hidden in it. That is because this is not a security breach or well-intentioned advice from the credit institution, but a classic phishing email.

But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.

The name says it all

The word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.

The word “phreaking” also influenced the name. It describes obtaining free telephone calls by generating a 2600-hertz tone and playing it into the handset, which could mislead certain switching centres in the USA, France or Japan, for example, into setting up telephone calls. The amusing thing about this is that exactly this 2600-hertz sound can be produced with a toy pipe that was once a promotional item for the “Cap’n Crunch” cereals. Modern switching technology no longer allows this method, but the procedure marks the beginning of today’s well-known “hacking”. The term “phishing” is a neologism formed from the two words “fishing” and “phreaking”.

How does phishing work?

A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.

With the help of insidious pretexts, the sometimes deceptively real-looking messages try to lure their recipients to fake websites and have them reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. The security of the account will only be ensured, they say, if the user verifies his personal data on a website that can be reached via a link.

The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cyber criminals put a lot of value on making the embedded links look as authentic as possible. By buying domains such as “amazn.com”, which look very similar to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 such phishing sites were online in March 2018.

To make the fraud perfect, the same applies to the sender addresses of the phishing emails. The actual Amazon sender address “noreply@amazon.com” will then be changed to “noreply@amzon.com”.

With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as hacker@doamin.com, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a precise look, and most victims do not notice the fake at all or only when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.

Phishing and its varieties

Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.

The method relies mainly on the traditional phishing scam, but “spear phishing” is a targeted email fraud. It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their target as possible in advance so they can fake deceptively real-looking email communication. In the best case, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.

What do the digital pirates want to achieve?

In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services; credit card information in general is also a popular target.

The motivation of the attackers can be quite different and ranges from financial enrichment, in the sense of account robbery or the selling of data, up to hacker attacks on companies that are carried out using the captured data.

I have been a victim of a phishing attack – what should I do now?

Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.

How can I effectively protect myself from phishing?

The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported on an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think. This makes it all the more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.


1. Awareness

First of all, raising awareness of phishing emails is a good basis for defending against them. Many users are not sufficiently aware of the dangers hidden in their email inbox, such as phishing attacks. It is therefore difficult for them to identify malicious emails as such. However, the risk of a phishing campaign can be reduced with a little prior knowledge.

If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be an impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check whether the supposed link destination is actually correct.

If the address is similar to the original domain and does not seem suspicious at first, you can check this by comparing both URLs. In addition, you should never reveal personal information in any email communication.

2. Active protection

Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.

If you don’t want phishing emails to be delivered to your inbox in the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.

Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.

Example of a phishing email:

Phishing email example

Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is forced to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR code for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.

Example of a spear phishing email:

Spear Phishing email example

Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.

*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.
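The sender checks described above (a domain with additions or spelling mistakes, and an email address typed into the name field that differs from the actual sender address) can be automated on the From header. The following is an added example, not code from Hornetsecurity or from the original article; the allow-list, the finding names and all sample headers are constructed assumptions.

```python
from email.utils import parseaddr
import re

# Constructed allow-list: domains the recipient really corresponds with.
TRUSTED = ("bank.example",)
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from(header, trusted=TRUSTED):
    """Return the findings for one From header value (empty list = nothing odd)."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["unparseable-from"]
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # An address shown in the name field that differs from the real sender.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr:
        findings.append("name-field-address-differs")
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            break                                   # exact domain or subdomain
        if edit_distance(domain, good) <= 2:        # spelling mistake
            findings.append("misspelled-domain:" + good)
            break
        if good.split(".")[0] in domain:            # brand name plus additions
            findings.append("domain-with-additions:" + good)
            break
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Bank Service" <service@bank.example>',
    '"Bank Service" <service@bannk.example>',
    '"Bank Service" <service@bank-security.example>',
    '"anna.meier@bank.example" <x9@mail.invalid>',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "ok")
```

The brand-name substring test is deliberately coarse and will flag unrelated domains when a trusted name is very short, so its findings are best treated as a reason to look closer rather than as a verdict.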