The flood of spam in German email inboxes is increasing. Fake messages from parcel services are particularly dangerous – the providers react with special tricks.
The two largest German email providers, web.de and GMX, registered around 1.9 billion spam emails per week in the third quarter of 2024. This represents an increase of 35 percent compared to the same period last year, when around 1.4 billion such messages were filtered every week. Fake emails from parcel companies and false customer service messages are particularly noticeable.
According to a joint press release from the two companies, which belong to United Internet, the spam emails no longer only come from misused accounts from large providers such as Microsoft or Gmail. “We are currently seeing that attackers are breaking into the systems of small and medium-sized cloud and hosting providers in other European countries,” explains Arne Allisat from web.de and GMX.
Fraudsters particularly often fake messages from parcel services such as DHL, Hermes or DPD. The fake emails inform recipients about packages that are supposedly being held in customs. Users are supposed to pay a processing fee via a link so that the package is forwarded. However, the link in the email leads to a fraudulent site through which online criminals steal money and personal information.
Another popular scam is “customer service phishing,” in which fraudsters pose as the email provider’s customer service and ask users to log into their account via a link. This gives the fraudsters access to additional email accounts, which they misuse for sending spam or online shopping.
To combat the flood of spam, email providers are increasingly relying on artificial intelligence. “AI has radically changed the world of spam in the last two years – for the attackers, but also for us on the defender side,” explains Allisat. Accordingly, the AI-supported analysis systems could decide within milliseconds how many emails a sender server can send in a certain time. A sudden increase in this amount is a clear indication that spam is being sent.
Another important component of spam defense is the so-called “Reject and Defer Policy”. The delivery of suspicious emails is rejected or delayed as soon as the connection is established. In this case, reputable senders will try again later.
The criminals, on the other hand, are under time pressure because they can lose access to hijacked email servers at any time. Therefore, they try to deliver their spam emails the first time. This allows the providers to detect and block almost all fraudulent messages with a detection rate of 99.9 percent.