AI Arms Race: the evolving battle between email spam and spam filters

padlock representing security
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

Most email users will be unaware of this, but there is an Arms Race taking place behind the scenes of their inbox. In 2023, our security systems registered an average of 1.5 billion spam or phishing emails every single week. In the same period the previous year, the figure was 1.2 billion messages. Spam messages have increased by 25% in just one year. Despite these huge numbers, the vast majority of spam and phishing emails still never even reach the user’s inbox. That is a huge amount of messages to process and filter. Imagine how clogged email inboxes would be if email providers did not commit significant resources every year to detect and filter out these potentially dangerous emails.

The sad truth is that, as long as there is money to be made, scammers will always exist. Email scammers are no different. They are continually innovating to find new ways to trick people into sharing personal information, installing malware or making an erroneous payment. Spam has come a long way from the poor design and clumsy writing of those earliest messages. Today’s spam mails are often professionally designed and cover a wide range of topics. They increasingly latch onto the latest money-making trends such as cryptocurrency or forex trading, use messages that are intended to intimidate or frighten the recipient, or even appeal to their conscience by posing as a charity whenever a natural disaster or conflict is prominent in the news cycle.

Arne Allisat

Head of Email Security at GMX and mail.com.

“Hey ChatGPT, let’s make some spam”

There is only one main reason for the 25% rise in spam in just one year: Artificial Intelligence (AI). While 2023 was often declared as the year of AI, spammers would most likely agree. There are now AI-supported tools on the darknet that make it particularly easy to create and send spam. These tools can be used to set up a spam server or a phishing page almost fully automatically. Although this spam is usually clumsy and easy for us to recognize, the volume is increasing significantly. We are also seeing an increase in text quality in phishing emails: new large language AI models such as ChatGPT help criminals to formulate better and tailor their messages more individually to the recipients.

Always adapting to the latest trends, shopping habits or news topics, the most common spam messages last year posed as parcel services, vouchers, and war-related emails. Notably, deceptive emails from purported parcel senders, such as Amazon, Royal Mail, UPS, and others, attempted to create a false sense of urgency by claiming a customs fee was required for the delivery of a shipment. These fraudulent messages directed recipients to click on a link, leading them to a payment portal where they were prompted to pay the alleged fee. This cunning tactic not only allowed cybercriminals to acquire monetary gains but also facilitated the illicit acquisition of sensitive information, including credit card details and login credentials for online payment services.

Another prevalent scheme involves counterfeit emails purportedly sent by payment service providers such as PayPal or online banks. Unsuspecting victims receive emails designed to closely mimic the authentic layout of the original communications. Within these deceptive emails, a hyperlink is provided, ostensibly for the victim to log in and review a payment transaction, for instance. Clicking on the link directs the victim to a counterfeit login page, often nearly identical to the legitimate one. Upon entering genuine login credentials, this information is promptly transmitted to the perpetrators.

The overall frequency of phishing attacks is on the rise, with cybercriminals employing various tactics to gain unauthorized access to victims' email accounts. These tactics may include deceptive service emails from the email provider, enticing victims to inadvertently disclose their login details when attempting to access their mailboxes.

AI spam vs AI spam filters

Spammers aren’t the only ones to leverage AI. Our spam filters also use AI to filter out the majority of spam and phishing emails before they reach a user’s inbox. Machine Learning (ML), a branch of Artificial Intelligence, has proved to be highly effective in detecting new spam patterns. The ML based filters train both on the existing data of recognised spam mails, and on trends that they discover in every new spam wave. This way they can also cope with “data noise”, i.e. gigantic amount of hidden email content – a now common method used by spam senders to trick basic spam algorithms.

However, with new tactics being devised all the time, we are locked in a permanent Arms Race. As the spammers get more sophisticated and leverage the latest tools (including AI) to make their emails more difficult to detect, our Spam Protection Team is continually refining and tweaking our spam filters to stay on top of the barrage of spam.

Play your part: Humans can help AI

Protection against spam and phishing is based on two pillars: The global security and spam filter systems for all mailboxes and the individual spam filters that each user can train in their own email account. The global security systems use special parameters to recognize potentially dangerous emails as soon as they enter our mail system. These emails are immediately classified as spam and sent to the spam folders. The individual spam filters, on the other hand, are being trained when users mark suspicious emails in the inbox as "spam". This enables the system to learn even better which senders are unwanted or potentially dangerous and filter out the messages in future. This information then also benefits the global filters.

While email providers employ teams of security professionals to continually train and develop their AI algorithms to better detect spam, user engagement is still indispensable. With each feedback on whether an email in their inbox is spam, or perhaps the one in their spam folder is “ham”, users help us protect all email accounts. This way we can maintain our strong defenses in the hidden Arms Race with spam.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Arne Allisat is Head of Email Security at GMX and mail.com.

TOPICS