Emotet Fraud - suggestions by Data-Warehouse

Emotet Fraud - suggestions by Data-Warehouse

Are you affected by the current scam attack of Emotet?

Is the sender hacked?

Not for sure. The Emotet typically uses old mail adresses which were gathered through former leaks.

Where is the data from?

It is not clear where the data is from. There could be several sources like the network traffic routing through russia (The data includes millions of emails adresses), several hacks of websites. The routing was a few years ago and the timeline fits to the data.

Is there a GDPR implication?

Typically not as long you are not hacked by the Emotet Ransomware and the emails are not sent by your servers.  This can be detected by the full header of the email with the sending server and the mail route. Even this could be faked, but is too much efford and is usually not checked by the receipient.

How can i detect a fake mail? What can i do?

1.) Humanfirewall

  1. Fits the content to the time and the sender?
  2. Do i expect this invoice/mail/application?
  3. Why does someone send a Word Document instead of PDF?
  4. Reassure a .doc document by asking the sender if he/she had sent it


2.) Technical details

  1. What is the origin of the mail? Do i have business with this country?
  2. Deactivate not trusted countries as accepted senders.
  3. Deactivate active elemts of office documents (macros, etc.)
  4. Improve/Update/configure your spam system
  5. Use trusted e-mail server communications
  6. Manage your IT-Trust relations
  7. Check the Log-Files for false-positives


First and most important since years: Deaktivate all active Office Macros and Scripts! Then educate your people!

Document Actions