top of page
  • Admin

GMX.net Free Email Accounts Attack Orgs With Phishing

Published: January 23, 2023 on our newsletter Security Fraud News & Alerts Newsletter.



The saying “imitation is the sincerest form of flattery” has been around for centuries. But today, that saying takes on new meaning, especially having to do with cybercrime fraud. More often than not, victims pay the price for email phishing “imitation” campaigns, also called “brand impersonation,” aka fraud. Researchers at GreatHorn finds these fraudsters using free email accounts to phish organization employees, creating a whopping 768% jump in these crimes from May to July of 2022.


Global Mail eXchange, or GMX.net, is an email service offering to register 10 email accounts to each user at no cost. GreatHorn found these free email accounts are being leveraged by hackers to impersonate popular delivery services, including brands FedEx, Amazon, Zoom, DropBox, WeTransfer, and DocuSign. In fact, they find these six brands account for nearly all, 92.8%, of all email phishing impersonation attacks this year.


Spoof Emails Look Legit


Impersonation or “spoofing” attacks trick email recipients into providing sensitive information a hacker can use, call a phone number that’s hacker-controlled, provide a link to a hacker-controlled spoofed web page, and carry malware-filled attachments. The appearance of legitimacy can hook a phish, and the hacker wants to reel it in. GreatHorn finds links in 88% of spoof emails having a GMX.net domain. Another 12% contain a lone but malicious .zip file that bypasses email security controls.



In addition to exploiting GMX.net, GreatHorn found these attacks able to bypass Google Workspace and Microsoft 365 security, allowing the emails and their malware attachments to land in an employee’s inbox. Their research finds personal email addresses, including from Gmail and others, make up about 1% of all emails delivered to an organization.


It Takes Two


No matter how many phishing emails land in an inbox, they’re ineffective until an employee opens and acts on it. It takes two for these attacks to work, and that’s why responsibility falls to an organization to educate employees of all levels about phishing emails. Staffers are the first and last line of defense against these emails and a cyber-smart employee can spot email phishing red flags, stopping an attack in its tracks.


Clues someone’s phishing:

  • Misspelled words

  • Poor grammar

  • Improper use of the language the message is written in

  • Blurred or outdated graphics and images

  • Attachments or links that are not expected

  • There’s a sense of urgency that if you don’t click, something bad will happen

  • When hovering over a link with the mouse pointer, it goes somewhere unexpected

  • The sender is unknown or has not contacted you in a long time


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

bottom of page