Emotet: Comeback in a new guise

Emotet: Comeback in a new guise

+++ UPDATE 05.12.2018: The Hornetsecurity Security Lab is currently observing an immense increase in the number of dangerous emails, which come with the malicious malware “Emotet”. Also the BSI informs about the growing threat, by the current Phishing and Spam campaign, which spreads “Emotet”. The affected companies suffered from failures of their entire IT infrastructure, which resulted in immense capital damage.

Disguised as an Office Word document attached to a legitimate email, the malware is installed on a computer when opened and reads contacts and email content from the mailboxes of the infected system. Furthermore, Emotet has the ability to reload additional malware that allows hackers to read access data and provide remote access to the system.

In September this year, Hornetsecurity already published a report about the appearance of the malware as an invoice disguised as a PDF document, which reloads a banking Trojan when executed.+++

New Emotet version

Since Christmas last year, no major offensives by the banking Trojan Emotet have been observed. Now it appears in a new shape and is distributed by an insidious blended attack.

The malware specialists from our security lab found a new type of the banking Trojan Emotet on Thursday, 06.09.18 and investigated the attacking method in more detail.

Earlier versions of Emotet were mainly distributed directly in email attachments or through links in email bodies. This new type uses a more complex delivery method: it is hidden in the form of a PDF document disguised as an invoice and attached to a phishing email.

Emotet phishing email

Phishing email with attached PDF document

Emotet PDF document

PDF document with link to Office file

The content of this PDF document contains a link to download an Office file.

Emotet office document

Office document

Once the user opens the file, a macro is executed that downloads the dangerous malware.

Statische Analyse Emotet Code-Fragment

Static analysis – code fragment

Emotet uses this cover-up technique to circumvent virus filters and sandbox analyses. So far this seems to work well, because not even a third of the antivirus programs listed on VirusTotal classify the file as dangerous.

On the safe side with Advanced Threat Protection

The URL scanning feature of Hornetsecurity’s Advanced Threat Protection detects files, however well hidden they may be, and protects customers’ IT from this persistent blended attack even before the phishing mail arrives.

Malware – Cybercriminal’s favourite

Malware – Cybercriminal’s favourite

When the question is brought up as to what the term “malware” is all about, most people do not understand what the term is about. Often words like “virus” or “Trojan” are used. This is not necessarily wrong, but also not actually right. After all, the topic is much more complex and is not just about viruses and Trojans.

This blog post gives an insight into the world of malware and explains what the term actually stands for, why cybercriminals use malware and what kind of security measures are available.

More than just viruses and Trojans

“Malware” is a neologism composed of the two English words “malicious” and “software”. Mistakenly, malware is often used synonymously for the words virus or trojan, but the world of malware is much larger and more complex. In fact, malware is simply a collective term for various malicious programs, which in addition to viruses and Trojans also include “exploits”, “backdoors”, “spyware”, “worms” and “ransomware” – to name just a few of the most important representatives.

According to a study by av-test.org, trojans made up the majority of widespread malware on Windows with 51.48 percent. Far behind rank viruses with 18.93 percent followed by scripts with 10.56 percent. All other types of malware, such as ransomware, only play a minor role in the frequency of their occurrence.

Percentage of malware types







Viruses, Trojans and worms – what are the differences?

Computer viruses are the classic type of malware and were already developed in the early 1970s. They are designed to infect other files and can spread from one computer system to another and contaminate it as well. Viruses cannot be activated without human intervention because the compromised file must be executed first.

A Trojan, on the other hand, is not a virus, but a malicious program that disguises itself as a good-natured application – which is why it is often referred to as a “Trojan horse”. Unlike viruses, Trojans do not replicate themselves. They allow hackers to take control of the infected system via a so-called “backdoor”.

Computer worms differ from viruses in their ability to spread without any intervention. By using a data interface, the malicious program can spread automatically. Since the worm can replicate itself within the system, there is a danger that not only one worm but hundreds or even thousands of copies will be sent. In the final instance, this can result in a system having to provide so many resources that no response or only extremely slow feedback occurs.

Spyware – The Spy in the System

spyware is considered the spy among malware types. It is out to record and steal entered user data. For example, it records logins in social media accounts or spies on account data during online banking. The captured data is then transferred to the hackers, who either resell it or misuse it for their own, mostly financial, interests.

Spyware can appear in different ways. On the one hand, it is possible that a so-called “keylogger” is used, which records keystrokes. On the other side, “Screencast” can be used to monitor the user’s screen activity. Hackers can also use a “browser hijacker”


Ransomware – When the computer demands ransom money

Ransomware is a form of malware that is able to prevent access to all data stored on a computer. The hackers encrypt the files stored on the hard disk and after a successful infection usually leave a message on the screen of the victim with the demand a ransom. If this doesn’t happen, it is threatened that the encrypted files – depending on the implementation of the Ransomware – will not be decrypted or even deleted.

There are plenty of ways to infect computers with ransomware. By far the most common gateway, however, is email communication. The cybercriminals often use social engineering to impersonate a well-known organization or a familiar person in order to suggest trust.

to impersonate a well-known organization or a familiar person in order to suggest trust.
In many cases, the Ransomware is contained in an Office document that is sent as an attachment. A pretext is used to persuade the recipient to open the file. In this case, all data on the hard disk is encrypted. Especially in recent years, there have been massive Ransomware attacks, known as „WannaCry“ or „Petya“. Even if Ransomware only appears rarely in the frequency of occurrence: The damage that can be caused by the aggressive cryptotrojans should never be underestimated! Measured in absolute figures, one percent of total malware worldwide is still a significant number.



Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.


Exploits and Backdoors – The ace up the sleeve

Exploits are a popular tool used by hackers to exploit vulnerabilities or security gaps in software and use them to enter computer systems. An exploit can be a simple theoretical description of a vulnerability or a directly runable program code.

The range of different types of exploits is so wide that there is the right exploit for almost every occasion. They differ not only in the type of attack, but also in their effects. Depending on its type, the malicious program can write or read data, for example, or even crash a system. Well-known exploit types are the zero-day attack and the denial of service exploit (DoS exploit).



A backdoor, on the other hand, represents an alternative, mostly hidden access to a software or hardware system. This enables the provider and its partners (e.g. secret services) but also hackers to circumvent the access protection and gain access to the system. As already mentioned, Trojans also have a backdoor, but it has to be clearly defined: The Trojan only serves as a means to an end, since it pretends to be a useful program and ensures that the computer can be compromised via the built-in backdoor. The backdoor ifself does not require a Trojan, as it can be installed in the system from the very beginning.



Many types of malware, one solution?

The professionalism of malware attacks is increasing day by day. In particular, attacks through ransomware are very popular among cybercriminals. Those who think that there is THE solution to the problem of malware are unfortunately mistaken. Rather, a company should have a sophisticated security concept with many different measures. In the following we will describe in detail which measures can be considered.

Many components must work well together to achieve an optimum of protection against malware. However, the most important point is to increase the awareness of employees against cyber attacks. A company’s employees must be conscious of the threats caused by malware. Information about the various malware distribution channels should therefore be integrated into the daily work routine in regular training courses, for example.

To be on the safe side, companies are advised to use a spam filtering service to prevent malicious emails from reaching employees’ email inboxes in the first place. In the unlikely event that a malware program should ever be able to infect an employee’s computer, then an antivirus program is still a useful method of defeating the invader.

Also updates should not only be common for antivirus programs. It is advisable to establish a process that regularly reviews the actuality of the programs used, in order to update them if necessary. Those who stick to these tips are at least less likely to become a victim for cybercriminals.



Additional information:



Advanced Persistent Threats – The invisible threat

Advanced Persistent Threats – The invisible threat

What do the Olympic Winter Games, the Information Network Berlin-Bonn and large companies as well as SMBs have in common? They were and still are targets of highly evolved cyber-attacks that are aiming to spy on and sabotage internal processes and to steal and copy important and secret data. The realization happens as undetected as possible and over a longer period of time. These types of attacks are commonly known as “Advanced Persistent Threat” (APT).

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

The attacks are presumed as “advanced” because the attacker has large amounts of time and money available and thus gives himself an advantage in terms of access to information and development capacities. For victims, the infiltration of their IT infrastructure is hardly traceable and difficult to discover, so that the intruder can act undetected in the internal network for several weeks or even months. Cybercriminals are often a group of individuals that operate together, and it is not unusual that competitors, organizations or even states are the initiators of those ingenious attacks.

Their objectives differ and range from copying as much detailed information as possible about company internals as well as military and political facts to financial enrichment in terms of financial and credit card theft. In Germany, the Federal Office for the Protection of the Constitution recently warned against a renewed wave of APT attacks targeting German media companies and organizations in the field of chemical weapons research.

In general, cybercrime increases with the ongoing digitalization in companies. According to a recent study by Bitkom on digital espionage, sabotage and data theft, 68 % of the companies surveyed in Germany stated that they had been affected by cybercrime in the last two years (as of October 2018).

Five Stages of an APT Attack

Unlike “common” virus and spam attacks, in which hackers send a large number of infected emails to hit random victims, an APT grouping deliberately seeks a high-ranking target chosen for its objectives. The attackers proceed according to a classic pattern, which can be divided into 5 stages:

1. Exploring and researching

Once a target has been selected, the first phase of the attack is to gather as much information as possible about the company or organization. Hackers are particularly likely to access corporate websites, social media and other sources open to the public to find possible points of entry into the target’s systems.

2. Invasion of the system

If the attacker has gathered a conception of the structure of his target and knows which IP addresses, domains and systems are connected in which way, he will be able to search for vulnerabilities in detail. To finally gain access to the systems of the target, the hackers use various methods: Social engineering, such as CEO fraud & phishing as well as ransomware, blended and targeted attacks are among the best known. Cyber security is not just about computer systems and networks – APT groupings often use the “human factor” as a vulnerability by exploiting human traits such as helpfulness and trust. A recent survey conducted by the Federal Office for Information Security (BSI) revealed that one in six employees would respond to a fake email from the executive floor and disclose sensitive company information.

3. Spying out and spread

As soon as the hackers have access to the system, they usually operate as carefully as possible so as not to attract attention. The company’s security measures and deployed software are identified so that further security holes can be exploited to extend attackers’ access to the network. With the help of keyloggers and the found data, an attempt to find out passwords and thus gain access to other data records and systems is made.

4. Execution of the attack

The perpetrators access the unprotected systems and start to act according to their motivation and objectives for this attack. For example, sensitive company data can be collected over a long period and/or malware can be installed to the IT system. Also, the paralyzing of systems and thus of the operational procedures is an option.

5. Filtering and analysis of the data

The data and information collected is sent to the APT Grouping’s base for analysis. To have further access to the infected system of the company at any time and especially unnoticed, a kind of “back door” can be installed by the attackers.

Detecting and preventing APTs

Regarding such individualized and manual procedures in particular, the focus of IT security should rest on targeted detection and immediate reaction to possible attack attempts. With the daily flood of incoming and outgoing emails, manual monitoring of individual attachments or content indicating CEO fraud, for example, cannot be handled.

With Hornetsecurity Advanced Threat Protection, innovative forensic analysis engines provide real-time monitoring of corporate communications and immediately prevent attacks. The APT service is directly integrated into Email Security Management and offers protection mechanisms such as sandboxing, URL rewriting, URL scanning, freezing and targeted fraud forensics in addition to the spam and virus filter. In the event of an attack, it is important to that a company’s IT security team is immediately notified with specific details about the nature and target of the APT attack, the sender and why the email was intercepted. Thanks to Real Time Alerts, Hornetsecurity ATP is able to inform a company’s IT security team about current attacks. This up-to-date information can be used for countermeasures, so that security gaps can be effectively closed in the shortest possible time and additional protective measures can be set up.

Additional information:


Email archiving and GDPR – the biggest myths at a glance

Email archiving and GDPR – the biggest myths at a glance

Citizens of the European Union have reason to relax: The introduction of the General Data Protection Regulation (GDPR) since May 2018 significantly strengthens the protection of personal data and at the same time initiates a new era of European data protection. But one man’s meat is another man’s poison. Not everyone agrees with the “strictest data protection law in the world”. Companies and organizations that have to implement numerous new policies and guidelines, are annoyed by the significant additional effort and the partly non-transparent regulations.

Since the GDPR also has a direct effect on the handling of emails, there are a few things to consider as well – especially with regard to the issue of email archiving. We show how the GDPR and legally compliant email archiving can be combined and explain the most important myths.

The devil is in the detail

As a company, do I really have to archive all emails and if so, for how long at all? These are typical questions asked by those responsible for implementing the GDPR. At this point, the GoBD (principles for proper management and storage) [only in Germany] play an important role. These principles specify how long emails with certain contents must be archived. It is not uncommon for archiving to be confused with backup, but clear differences must be made here.

While a backup ensures the temporary availability of data and its recovery, archiving has a different function: it guarantees the long-term storage of data on a separate storage medium for documentation purposes. According to the GoBD, an email always has to be archived if it operates instead of a commercial or business letter or a booking document. If the email is only a means of transport and contains, for example, an accounting document as an attachment, only the attached file as such must be retained, but not the email itself. However, a printout of the invoice is not sufficient.

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

The required retention period for business emails is six to ten years. However, small businesses are excluded from this regulation. The exact storage obligations for the different types of documents can be found in the tax code as well as in the commercial code. The situation is different with private emails: Companies, in which the private use of emails is at least tolerated, may under no circumstances monitor or store the private email communication of employees.

The GoBD also specifies that emails must be archived unmodified. This means that a simple storage of digitized documents at this point is not sufficient. Another misbelief is the storage via the email client. Simply creating a folder and manually moving all emails, that are required to be archived, is not sufficient either. The proper protection against loss or theft is simply missing here. But how can a company implement all these regulations as cost-effectively as possible and save time and resources?

The solution lays in the cloud

If you want to be on the safe side, you can rely on modern email archiving via the cloud. Cloud-based email archiving solutions offer several advantages for companies: they are fully automated, legally compliant and operate without the intervention of internal IT.

Hornetsecurity’s email archiving service, for example, ensures that emails are transferred to the archive fully automatically. A very precise distinction is made between clean mails and spam as well as info mails. The latter of course do not end up in the email archive. The complicated and time-consuming search for archived emails is also prevented by Hornetsecurity’s email archiving service.

Thanks to perfectly coordinated search algorithms, emails can be easily retrieved and filtered via the Hornetsecurity Control Panel. The administration is made easy for IT managers: Only a few clicks are required to manage Aeternum – regardless of whether this involves the import or export of emails or basic settings for the duration of archiving.

Additional information:

Spam emails – There’s life in the old dog yet

Spam emails – There’s life in the old dog yet

Laurence Canter certainly didn’t expect to go down in history one day as a pioneer of spam email. In 1994, the US lawyer was the first person ever to send messages that resemble the character of a spam email today. A computer specialist engaged by Canter and his wife flooded over 6,500 newsgroups on the Internet with advertising for their company. But this was only the beginning of a story that has now been going on for 25 years.

In this blog post you will learn everything about the history of email spam, the damage and dangers it causes and the right protection against unwanted messages.

Key figures on email spam


of global email traffic is spam


of all dangerous spam emails end up in German email inboxes

About Spam, Cybercriminals and Monty Python

Three things that couldn’t be more different: What has Spam got to do with cyber criminals and the comedy group Monty Python? The answer is: a lot. At least if you take a look at the history of email spam.

At the time Canter had his advertising emails sent, the Internet was hardly commercialized. It was therefore absolutely unusual for users to be confronted with advertising in such a direct way. This was reflected in particular in the reaction of the recipients. Therefore the lawyer was very soon confronted with fierce criticism. One user even called for “spam and coconuts to be sent to Canter and Co”. But “Spam” here, however, meant canned meat produced by the food company Hormel Foods, whose product name is an artificial marketing word made up of “spiced ham”. The angry user’s request can therefore be interpreted as an allusion to the content, which is as “soft” in coconuts and canned meat as it is in advertising emails.

The British comedy company Monty Python also contributed to the naming of the spam email. They did a sketch in the 1970s that was set in a pub. The guests of the pub can choose from several dishes, but each one contains spam. Then a horde of Vikings, also dining in the restaurant, starts singing “Spam, Spam, Spam, Spam, Spam, Spam, Spaaaam!”. The frequent and penetrating appearance of the word “spam” within the sketch, finally prompted the usenet forum administrator Joel Furr in 1992 to declare the increasing “garbage contributions” in his forums as “spam”. From then on the term prevailed.

Legendary spam sketch of the British comedy group “Monty Python”

Spam emails in the course of time

If you think that spam emails are a thing of the past, you are wrong. Although cyber criminals are increasingly trying to make life difficult for us with other lucrative fraud methods, such as phishing or ransomware, sending spam emails is still very popular. To put it in numbers: Between July 2017 and July 2018, the proportion of spam e-mails in companies was more than half of the total amount of e-mail traffic generated worldwide. In Germany alone, sending spam consumes as much electricity as a small city.

As if this wasn’t unpleasant enough, the proportion of dangerous spam emails of all email traffic is also increasing significantly. The increased risk potential of modern spam emails is primarily due to significantly improved targeting by spammers. Through targeted addressing and country-specific topics, spam emails appear much more authentic than a few years ago. Not only the quality of spam emails, but also the spammers’ preferred targets have changed.

While only 10 years ago the United States was the main target of attacks, another country has now moved past them: Germany. The proportion of spam emails in Germany has doubled compared to 2010. The main reason for this is probably the very good financial situation of the German population. Spammers expect the most lucrative sources of income here.

How dangerous are spam emails today?

While cybercriminals in the 1990s and 2000s mainly sent emails with advertising intentions, the situation is different today. Especially the sending of ransomware or other malware in email attachments has become very common among criminals.

Spammers use a fake identity to try to force the target to click on an email attachment infected with malicious code. They often claim that there is an unpaid invoice in the appendix. However, when the target opens the file, the ransomware it contains is activated, encrypting all files stored on the hard disk.

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

Another scam that is often carried out by means of spam emails is phishing. For example, the cybercriminals pretend to be well-known credit institutions. They claim that the customer’s bank account has been blocked for security reasons. To unlock it, the victim has to confirm his access data again. To do this, the target person has to click on a URL that is very similar to the real URL of the bank.

It can only be distinguished from the original by certain additions or another Top Level Domain. Amateurs often have no suspicion and will be forwarded to a website based on the design of the bank via the link. If they comply with the requests and reveal their data there, the cyber criminals will have direct access to the information. Some of the “fake websites” look so deceptively real that they are indistinguishable from the bank’s regular websites.

How do spammers get to my email address?

In order to protect oneself optimally against the flood of unwanted messages, one must first understand under which circumstances they end up in our digital mailbox. The fact is, if you keep your email address to yourself, you should normally not receive any spam emails. We only become the target of spammers when we make our email address publicly accessible on the Internet or entrust it to dubious service providers. But how do spammers actually collect our email addresses?

Spammers use so-called “harvesters”, also known as “spambots”, to search the Internet for specific email addresses. If you still want to publish your email address on the Internet, you can have it converted to Unicode with the help of free service providers on the Internet. Spam bots will then no longer be able to read them.

You should also be careful with unknown Internet providers who promise to make us disclose our data. A good example are websites that lure with competitions and possible money profits. Unfortunately, it is not uncommon that the alleged profit does not even exist and is only used as an excuse. Here, too, you can frequently go directly to the mailing lists of the spammers.

Perfectly protected against email spam – this is how it works

Without a doubt, the proportion of spam emails was significantly higher a good ten years ago at around 90%, but one should not be deceived by this development. Because it’s all about the sophistication of the spammers. They continuously ensure that the risk potential of spam emails increases. Without a professional spam filter which also detects viruses and other threats, employees not only spend a lot of time organizing emails, but are also exposed to constant threats. In addition to links to malicious websites, spam emails may contain malware and phishing links.

Only professional spam filters for companies such as Hornetsecurity’s spam filter service ensure absolutely “clean” mailboxes with spam detection rates of 99.9%. In combination with Advanced Threat Protection, even the most fraudulent attack methods, such as CEO fraud, ransomware and spearphishing are effortlessly excluded. Just during July 2018, about half of all emails scanned by “Advanced Threat Protection” were classified as malicious. The largest part of these emails, more than 90% of malicious emails, is due to dangerous threats, as stated in the Hornetsecurity ATP Analysis of July 2018. Thanks to the intervention of the Hornetsecurity Spamfilter Service and Hornetsecurity ATP, the recipients of these emails were not only fully able to concentrate on their tasks, they were also not exposed to the risk of a “wrong click”. This finally brings peace and quiet to your email inbox.

Additional information:


Successful Product CEO-Fraud – An old scam yet the danger remains present

Successful Product CEO-Fraud – An old scam yet the danger remains present

The publicity around CEO Fraud may have calmed down, yet it is not yet extinct and still remains a serious threat. CEO Fraud, also known as ‘bogus boss’, still leads to digital larceny by deception, and thus causing displeasure and high economic damage for several companies such as a German company in the hessian rural district Groß-Gerau. Unknown cyber criminals were able to capture a sum of $380,000 Euro by successfully using CEO-Fraud. In 2016 alone, the total amount of monetary loss worldwide caused by this scam method was about $3.1 billion US dollars. That matched the profit made by Volkswagen in 2017.

Key figures on CEO Fraud in companies

Million euros a year, a group of cybercriminals captured by CEO Fraud in Germany between 2014 and 2017


success rate in CEO fraud attacks according to Info Security Magazine

How is it possible that the success rate of cyber criminals is still extraordinarily high even several years after its discovery as a tool used by cyber criminals? In the following text we will look at the procedures and the sophisticated fraud techniques of the offenders in order to improve the comprehension of the success of the scam.

Perfect Planning is half the battle: The Preparatory Stage of the CEO-Fraud

The target of CEO-Fraud is usually one single person. In most cases, an employee in the accounting department with direct authority to execute bank transfers. In order to execute the scam and make it appear as authentic as possible, extraordinarily good preparation is needed at the start of the scam. The magic word here is Social Engineering. Social Engineering means cyber criminals try to gather as much information as possible about their victim. They find such information on social media channels like Facebook, Linkedin or Xing. Most of the time, it’s easy to acquire personal information such as job title, place of work or even the complete organigram of a company.

Cheating and Feinting: The Offensive Stage of CEO Fraud

If the blackmailer has gathered enough information on their target they make the first contact and begin the offensive stage of CEO Fraud. The offenders now must accomplish a certain familiarity with the targeted subject. They do this by referring to current topics of the company in their email. This topic could be an upcoming acquisition or the latestsales figureswhich can be withdrawn from previous press releases.

To put the crown on the scam, some cyber criminals create an email address that is similar to the one of the CEO. In this connection, it is a perfidious trick to replace certain letters with letters that look extraordinarily similar. The letter L in mueller@examplecompany can for instance be easily replaced by a capital I. For the ordinary person, this scam also known as Spoofing can only be recognized by close scrutiny.

Another trick utilized by cyber criminals is the use of an existing emal communication. For example, if the offender knows with which person the CEO of a company usually communicates with and what topics are usually discussed, the perpetrator can counterfeit such communication. Fake logos and email signatures complete the picture of a completely legitimate email communication.

It’s in the email itself where cyber criminals dig deep into their bag of psychological tricks in order to initiate the transactions they desire. A commendation for the work of the targeted subject or the buildup of pressure can be used to trick the subject. Often, the offenders pretend to need a transfer of money to be sent as quickly as possible because an important and discreet deal could fail. It must be discreetso the targeted subject does not inform other colleagues about this affair which could end the scam.

What accounts for the success of the scam?

Hornetsecurity News

Stay in touch

Sign up to get the latest News about Cloud Security.

In most cyber attacks, employees are the largest risk factor. The Federal Office for Security and IT (in German: Bundesamt für Sicherheit und Informationstechnik, short: BSI) has previously warned the public about the careless handling of personal data. However, companies contribute to this by publishing a multitude of information on social networks for marketing purposes. Just like that, the offenders have little difficulty accumulating a substantial amount of information to assist in the success of their scam.

Another crucial factor of the scam is the psychological component. Cyber criminals specifically and shamelessly exploit emotions like respect and trust for a manager or owner of a business in order to manipulate their victims.

How do I protect my company from CEO Fraud?

A healthy amount of skepticism and the right education are the essentials in the battle against the bogus boss. From the perspective of a company, it makes sense to work against the ignorance of many employees with regular cyber threat information or training events. This way, the tricks of the scammers like the scrambled letters or fake signatures can be specifically pointed out.

Also, the use of an email encryption service provides relief since a fake or missing signature automatically attracts attention. For thosewho are not sure despite all these precautionary measures a telephonic reinsurance from the pretended sender of the email is useful. This requires a smallinvestment of time and can prevent a possible scam from even taking place.

Meanwhile, there are instruments and methods to deter such fraudulent emails ending up in the inboxes of the employees. Managed Security Services, like the Advanced Threat Protection by Hornetsecurity are able to see through complex attack patterns like the CEO-Fraud and block it in the forefront using sophisticated forensic systems. Once an attack is detected, ATP sends an automatic notification to the security personnel responsible for thwarting such an attack. The result, CEO-Fraud and other scams have no chance of success and your employees can focus all of their attention on their important tasks once again.

Additional information: