The Target Fraud Forensic Filter is one of three mechanisms comprising Hornetsecurity ATP.

The service is responsible for identifying and preventing spear phishing attacks that target mainly departments or single persons in the company having the authority to release any possible bank transfers.


The filter will use a multitude of different heuristics and mechanism to identify such emails:

  • Intention Recognition System: Checks the email for any content patterns (e.g. requests for bank transferral, requesting sensitive information, etc.)
  • Fraud Attempt Analysis: Checks the integrity and authenticity of meta data and mail content
  • Identity Spoofing Recognition: Identifies and blocks faked senders
  • Spy-Out Detection: Checks if any sensitive information is requested (e.g. passwords)
  • Feign Facts Identification: Checks the email for any attempts to gain information by feign facts
  • Targeted Attack Detection: Detects aimed attacks towards a specific person


The Target Fraud Forensic Filter as well as the URL Rewriting will need to be enabled through our customer support. Enabling the ATP filter through the Control Panel will not be sufficient.

The mechanism is only intended to cover a few decision-makers within the company. There will be no global check on the domain. The customer support will need a list of email addresses to be checked on in order to enable the service for you.