diff --git a/README.md b/README.md index 27d8751..6fe8802 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ With malware causing havoc across the globe, this browser extension is a PoC for - Hightlight and open the URL in a new tab - Not AV detects it, file download is blocked, and the browser is redirected to 127.0.0.1 +**NOTE: Out of the box, this will block the majority of Emotet (or other file download) that has a cookie name built with the PHP uniqid function (or something similar) in the Set-Cookie header. This PoC can be strengthened by adding other indicators found in the response (or request) headers to avoid false-positives.** + ![Not Anti-Virus](https://raw.githubusercontent.com/ecstatic-nobel/Not-Anti-virus/master/notav.gif) Support: notav [at] protonmail
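Review bot: The added NOTE paragraph in README.md says downloads are blocked when the Set-Cookie cookie name is "built with the PHP uniqid function (or something similar)", but it never states what pattern is actually matched, so a reader cannot judge which legitimate downloads will also be blocked. Consider describing the match rule in one sentence (for example the expected length and character set of the cookie name) and saying plainly that this single indicator can produce false positives on any site that sets a similar cookie on a file download, since the closing sentence only implies it. Wording nits in the same line: "(or other file download)" should read "(or other file downloads)" and "false-positives" should be "false positives". The "Hightlight" typo in the context line just above could be corrected in the same commit.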