Arne Allisat, Head of Email Security, GMX and mail.com, explores the new methods that spammers are deploying to fool spam filters – and how to protect yourself.
Spam is on the rise. While email users may not have noticed any significant difference in their inbox, this is because of a hidden arms race taking place behind the scenes. Email providers have no choice but to commit significant resources to combating spam every year so that email users can focus on the messages that are really relevant. This means that the vast majority of spam and phishing emails will never reach the inbox.
In 2023, the GMX and mail.com security systems registered an average of 1.5 billion spam or phishing emails every single week. In the same period the previous year, the figure was 1.2 billion messages, showing that spam messages have increased by 25% in just one year. But what is driving this increase in spam, what are email providers doing to protect users against it, and what can everyone do to help?
The rise of AI spam
As long as there is money to be made, scammers will always exist. Email scammers are no different. They are continually innovating to find new ways to trick people into sharing personal information, installing malware or making an erroneous payment.
For decades, spam could be easily recognised by its poor design, clumsy sales pitch and spelling mistakes. But today, spam mails are often professionally designed and cover a wide range of topics. Spam senders increasingly pick up on the latest money-making trends, such as cryptocurrency or forex trading, use messages that are intended to intimidate or frighten the recipient, or even appeal to their conscience by posing as a charity whenever a natural disaster or conflict is prominent in the news cycle.
But what was behind such a significant increase in spam last year? There is only one answer:artificial intelligence (AI). While 2023 can in retrospect be declared as the year of AI, the spammers would most likely agree too.
On the one hand, there are now AI-supported tools on the darknet that make it particularly easy to send spam. These tools can be used to set up a spam server or a phishing page almost fully automatically. Although this spam is usually clumsy and easy for us to recognise, the volume is increasing significantly. We are also seeing an increase in text quality in phishing emails: new large language AI models such as ChatGPT help criminals to formulate better and tailor their messages more individually to the recipients.
In keeping with their constant evolution to jump on the latest trends, parcel services, vouchers and war-related emails were amongst the most common spam messages sent last year. Fake emails from parcel senders give the impression that, for example, a customs fee must be paid for the delivery of a shipment from Amazon, Royal Mail, UPS and co. A link in the email takes the recipient to a payment portal to pay a fee. In this way, the online criminals not only get the money, but also obtain credit card details or logins for online payment services.
Another common scam is fake emails from payment service providers such as PayPal or online banks. Victims receive an email with a layout that looks deceptively similar to the original. The email then contains a link that the victim is supposed to use to log in, for example to check a payment. The link leads to a fake login page, which is often almost indistinguishable from the original. As soon as you enter your real user name and password, this data is immediately sent to the perpetrators. Phishing attacks in general are on the rise, with criminals trying to gain access to their victims’ email inboxes. These can be fake service emails from the email provider, which are used to log into your mailbox, and you have already passed on your login details without meaning to.
AI spam vs AI spam filters
Spammers aren’t the only ones to use AI. Our spam filters use AI as well to filter out the majority of spam and phishing emails before they reach a user’s inbox. Machine learning (ML), a branch of AI, has proved to be highly effective in detecting new spam patterns. The ML based filters train both on the existing data of recognised spam mails, and on trends that they discover in every new spam wave. This way they can also cope with ‘data noise’, i.e. gigantic amount of hidden email content – a now common method used by spam senders to trick basic spam algorithms.
However, with new tactics being devised all the time, we are locked in a permanent arms race. As the spammers get more sophisticated and leverage the latest tools (including AI) to make their emails more difficult to detect, our Spam Protection Team is continually refining and tweaking our spam filters to stay on top of the barrage of spam.
Humans help AI
At GMX and mail.com, protection against spam and phishing is based on two pillars: the global security and spam filter systems for all mailboxes and the individual spam filters that each user can train in their own email account.
The global security systems use special parameters to recognise potentially dangerous emails as soon as they enter our mail system. These emails are immediately classified as spam and sent to the spam folders. The individual spam filters, on the other hand, are being trained when users mark suspicious emails in the inbox as ‘spam’. This enables the system to learn even better which senders are unwanted or potentially dangerous and filter out the messages in future. This information then also benefits the global filters.
While email providers employ teams of security professionals to continually train and develop their AI algorithms to better detect spam, user engagement is still indispensable. With each feedback on whether an email in their inbox is spam, or perhaps the one in their spam folder is ‘ham’, users help us protect all email accounts. This way we can maintain our strong defences in the hidden arms race with spam.