Your inbox is under attack. The FBI has issued yet another warning ahead of the holidays, highlighting an alarming surge in email and website threats, just as multiple cyber reports claim this is the most dangerous holiday season yet. Even though Google “blocks more than 99.9% of spam, phishing and malware in Gmail,” it’s not enough. But now change is on the way. And for Gmail’s 2.5 billion users, 2025 looks like being the year your email address should finally change.

“With more than 2.5 billion users,” Gmail, the world’s largest email provider, is now deploying “ground-breaking AI models [to] significantly strengthen Gmail cyber-defenses, including a new LLM trained on phishing, malware and spam.” But as McAfee has just warned, that AI revolution works both ways. “As AI continues to mature and become increasingly accessible, cybercriminals are using it to create scams that are more convincing, personalized, and harder to detect.”

Email remains an appallingly basic technology. Despite all its advances, the core architecture remains the same. Anyone can access anyone else’s inbox with just an email address. Those addresses are basically given away for free—harvested, leaked, stored, searchable. This month, Mailmodo says, “spam messages [will] account for more than 46.8% of email traffic.” This is why enterprises are looking for new solutions—Teams, Slack, even instant messaging platforms, because even with all the advances and the “outside sender” and “untrusted sender” warnings, too many emails get through.

The answer is to restore some semblance of address security and not give away real email addresses like confetti—a situation made worse given email addresses are often a primary user credential alongside passwords to log into sites and services. Apple has tried to address this with Hide My Email, “to keep your personal email address private… you can generate unique, random email addresses that forward to your personal email account, so you don’t have to share your real email address when filling out forms or signing up for newsletters on the web, or when sending email.”

And as I reported in November, Google is developing something similar for Gmail. Discovered by Android Authority in an Android APK teardown, “Shielded Email consists of a system to create single-use or limited-use email aliases that will forward messages along to your primary account.”

This is a major step forwards and you should make use of this when it arrives—as should Apple users now. Just look at one warning issued to marketeers when Hide My Email was released: “Now users can create a limitless number of fake addresses they don’t even check, dramatically reducing engagement. And, worse still, they can easily deactivate them without affecting their primary email, meaning marketing databases could be full of ‘dead’ addresses. This is important because a low deliverability rate can affect sender reputation, meaning your carefully crafted campaign ends up in spam.”

While Google assures that “by spotting patterns and responding rapidly, [its Gmail] LLM alone blocks 20% more spam than before and reviews 1,000 times more user-reported spam daily,” the threat will get worse again in 2025. McAfee says that “AI is giving cybercriminals the ability to easily create more personalized and convincing emails and messages that look like they’re from trusted sources, such as banks, employers, or even family members. They can craft these scams quickly and with precision, making them more difficult to detect and increasing their success rate. As AI tools become more accessible, these types of attacks are expected to grow in sophistication and frequency.”

Email must change—and not just by improving central screening technologies. We need a radically different approach to include the following:

  1. On-device AI to flag spam and malicious email that has made it through central screening to inboxes. Too many emails still make it through, even though the actual email address and the presentational “sender” address don’t match, with the latter a clear impersonation. How is it possible in 2024 that my inbox contains emails from ‘Apple Support’ or ‘X verification,’ when the senders have random email addresses such as ‘sayio[at]hosai.co.jp’?
  2. A better opt-in, known sender solution—mimicking secure messaging. Even the differentiation of trusted and unknown senders is too basic. There needs to be better deployment of AI or an easy-button for users to opt into a trusted discussion and advocate for a sender.
  3. Rather than upping the ante centrally, email security needs to do a better front-end (device-side) job. This is where safe browsing and malware defenses are now heading, making use of new device AI processing. Email needs a complete rethink to do the same.
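The mismatch described in item 1, a presentational sender name that claims a brand while the actual address belongs to an unrelated domain, can be checked mechanically on the receiving side. The following is an added example, not code from Gmail or any product named here; the brand-to-domain table, the function name and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumption: a small allow-list of domains each brand really sends from.
BRAND_DOMAINS = {
    "apple": ("apple.com", "icloud.com"),
    "x": ("x.com", "twitter.com"),
}

def claimed_brand_mismatch(raw_message):
    """Return the brand named in the From display name when the sending
    domain is not on that brand's allow-list; otherwise return None."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return None
    sender = header.addresses[0]
    domain = sender.domain.lower()
    # policy.default decodes RFC 2047 encoded words, so a display name
    # hidden behind base64 or quoted-printable is still inspected.
    for token in re.findall(r"[a-z0-9]+", sender.display_name.lower()):
        allowed = BRAND_DOMAINS.get(token)
        if allowed and not any(
            domain == d or domain.endswith("." + d) for d in allowed
        ):
            return token
    return None

# Constructed sample messages (not real mail).
SAMPLES = {
    "spoofed": "From: Apple Support <billing@mailer.example>\nSubject: t\n\nhi\n",
    "encoded": "From: =?UTF-8?B?QXBwbGUgU3VwcG9ydA==?= <billing@mailer.example>\n"
               "Subject: t\n\nhi\n",
    "quoted": 'From: "X verification" <noreply@notices.example>\nSubject: t\n\nhi\n',
    "genuine": "From: Apple Support <no_reply@email.apple.com>\nSubject: t\n\nhi\n",
    "personal": "From: Alex Example <alex@family.example>\nSubject: t\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", claimed_brand_mismatch(raw))
```

A check like this only covers the display-name case; it says nothing about a message whose address domain itself is forged, which is what SPF, DKIM and DMARC results are for.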

In the meantime, users need to take control. Yes, you need to use Hide My Email or Gmail’s new Shielded Email as soon as it’s available. But if you have an email address that has been doing the rounds for years, then it has become a honey trap for spam and worse.

It’s time to come up with something new, an email address you will better protect through multiple, throw-away, masked addresses, without giving that primary address away. Using new email masking technologies is undermined if the primary address they link to has already been harvested, sold and leaked. With 2025 just days away and threats surging, maybe make email housekeeping one of your New Year resolutions and think about the risks associated with the addresses you’re using now.
