Sharp Increase in AI-Generated Spam Emails

The two 1&1 subsidiaries GMX and WEB.DE registered around 1.5 billion emails per week as spam or phishing in the first eight months of 2023. This is nearly 40 percent more than the previous year. The significant increase is primarily attributed to AI-generated spam emails.

The former competitors WEB.DE and GMX, both now under the umbrella of 1&1 AG and United Internet, are the largest email providers in the German-speaking region. And when they present figures like these, it carries weight. Together, they identified around 1.5 billion spam and phishing emails per week from January to August 2023, compared to 1.1 billion per week the previous year. This resulted in a nearly 40 percent increase in spam and phishing emails.

Phishing is a portmanteau of fishing and phreaking (from telephone freak), originally from the era of coin-operated payphones, where so-called hackers managed to establish or manipulate free phone connections through whistling or technical aids. Today, it is the most common tactic used by hackers or criminal gangs to gain access to bank details or passwords via email.

Be Cautious with Emails from “Parcel Services”

The most common tactic affecting many private users for some time now is the request to pay customs duties for a specific parcel or to disclose their own bank details along with passwords. Increasingly, there is no human behind this, but an artificial intelligence, as Arne Allisat, the email security chief of the two providers, revealed: “The recent developments in artificial intelligence have kept our spam defense busy in recent months,” he said.

Allisat further stated in the WEB.DE Newsroom: “On the one hand, there are now AI-supported tools in the darknet that make sending spam particularly easy. With these tools, a spam server or a phishing site can almost be set up fully automatically. This spam is often crude and easy for us to recognize, but the volume is significantly increasing. On the other hand, we see an increase in the text quality of phishing emails: New language AI models like ChatGPT help criminals to write better and tailor their messages more individually to the recipients.”

AI Arms Race Already in Full Swing

Meanwhile, according to WEB.DE online, there is an outright AI arms race taking place. Because cyber defense has also been upgraded. And thus, “suspicious spam patterns could be recognized earlier and the mailboxes of our users better protected,” said the security expert from WEB.DE and GMX. Emails identified as spam or phishing are thus neutralized by the two providers and assigned to the users’ spam folders. As an additional security measure, links in spam emails can no longer be clicked, and executable program code is suppressed by default, according to the news. Legitimate companies use this code, for example, for harmless animations in newsletters, but cybercriminals can also use it to smuggle in viruses and other malware.

“Virus Spreaders” Anti-Virus Spam

In addition to the aforementioned tactic of sending emails that appear to be from parcel services, anti-virus spam is also becoming more prevalent. The victims receive an email supposedly from a reputable antivirus manufacturer, stating that their PC is infected, with a request to follow a specific link to download and install a program for the alleged removal of viruses. Instead, they download a Trojan horse onto their computer, which infects it.

According to WEB.DE, the third most popular tactic of spam senders is a classic: advertising for diet medications or dietary supplements, with offers for keto diets, for example, which were very popular in spring 2023. However, the links contained in these often lead to viruses or phishing forms, through which cybercriminals attempt to gain access to payment data or logins to online shopping platforms like Amazon.

Don’t Simply Delete Spam from the Inbox!

A study conducted by WEB.DE and GMX in collaboration with YouGov warns against deleting spam emails from the regular inbox, as 60 percent of users do, because more and more spammers recognize that they are correct at this address when spam comes in the form of AI, and thus send even more spam. It is better to first move the emails identified as spam to the designated spam folder, where they are isolated as such and can then be deleted without harm.

As email security chief Arne Allisat says, each mailbox has its own filter system. “If you don’t simply delete an email in the inbox but mark it as spam, the filter system recognizes that you no longer want messages from this sender in the future.” At the same time, the filter systems also learn that spam is being sent from a particular sender to protect users from it.

TL;DR

GMX and WEB.DE record 1.5 billion spam emails per week – a 40 percent increase over the previous year
AI tools from the darknet enable the almost fully automatic setup of spam servers and phishing sites
Spam emails should never be deleted directly from the inbox but always marked as spam so that the filter systems learn

Key Facts

Spam Volume 2023: 1.5 billion spam and phishing emails per week at GMX and WEB.DE

Increase: Nearly 40 percent more than the previous year (2022: 1.1 billion/week)

Top Tactics: Fake parcel service emails, anti-virus spam with Trojan, diet advertising with phishing links

AI Influence: Language models like ChatGPT significantly improve the text quality of phishing emails

Fact: German companies invest an average of 14 percent of their IT budget in cybersecurity, according to Bitkom.

Fact: Globally, there is a shortage of over 3.4 million cybersecurity professionals, according to ISC2.

Frequently Asked Questions

Why is AI-generated spam increasing so rapidly?

AI-supported tools available in the darknet enable the nearly fully automatic setup of spam servers and phishing sites. Additionally, language models improve the text quality, making phishing emails more individualized and convincing.

How should spam emails be handled correctly?

Spam emails should not be deleted from the inbox but moved to the spam folder. This way, the filter system learns to automatically block future emails from this sender.

Which spam tactics are currently the most common?

The three most common tactics are fake parcel service notifications, fake anti-virus warnings with Trojan downloads, and advertising for diet products with embedded phishing links.

How do GMX and WEB.DE protect their users?

Identified spam emails are neutralized and moved to the spam folder. Links in spam emails are deactivated, and executable program code is suppressed by default.

Can AI spam still be recognized?

Yes, but it is becoming more difficult. The email providers are also upgrading their own AI-based spam detection – an outright AI arms race between attackers and defenders is underway.