Spam vs. Phishing… what’s the difference?

Just as the internet makes it easier to accomplish many things, such as banking, research, planning travel, shopping, and much more, it also makes it easier for scammers to carry out their virtual crimes, which affect our real-life finances, security, and peace of mind. Cyber criminals have become quite savvy in their attempts to lure people in and get them to click on a link or open an attachment.

Spam and phishing are all about this!

Let’s get started and understand the difference between the most common types of fraud on the internet today, i.e. spam and phishing.

So, what exactly is spam? Spam, or junk mail, is unsolicited email that tries to sell you a product or service. Spammers send their messages to hundreds, thousands or even millions of email addresses at once with the hope that at least a few people will respond. Spam is mostly used for commercial advertising, often for dubious products, get-rich-quick schemes or quasi-legal services.

Have a look at a few examples of spam:

  • Travel scams
  • Greeting card scams
  • Lottery scam
  • A guaranteed bank loan or credit card scam
  • Hitman scam
  • Fake antivirus software.

Phishing, on the other hand, is a specific type of spam, and a cyber crime, that tries to trick you into giving up your information, such as banking or credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. Sometimes it is referred to as spear phishing, when it is targeted with specific personal information related to your company or a colleague.

The difference is that spammers do not attempt to acquire sensitive information!

A few examples and characteristics of phishing include:

  • Highly lucrative and eye-catching statements that attract people’s attention immediately. For example, you may receive an email saying you have won an Amazon gift card worth $100, or you may receive a State Treasurer email stating that you have funds in your name for you to claim. Always remember to be very cautious and not click on such emails.
  • One of the favorite phishing tactics is to cleverly disguise malicious websites to look like legitimate ones, such as a login page for a banking website. After you enter your username and password, the information gets stolen and used to steal your bank information.
  • Infected attachments. There are 2 types: (1) HTML attachments, which are infected .html files that are present in your inbox, and (2) macros with payloads, which are documents sent as attachments that require you to enable macros to open them. If you open these attachments and/or enable these macros, the attack on your system by the cyber criminals will be successful.

In the most recent phishing attacks, we have seen similar emails, even from DocuSign, which is one of the most popular digital signature services: http://m107136blogp01.azurewebsites.net/2017/05/26/docusign-data-breach-led-to-targeted-email-malware-campaign/

To avoid being a victim of such attacks, we need to be aware of the following:

  • DON’T reveal personal or financial information in an
  • DO check the security of the website before sending sensitive information over the Internet.
  • DO pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling, language or a different domain (e.g., “.net” when it should be “.com”).
  • DO verify if the email request you received is legitimate by contacting the company directly.
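
The URL check described in the list above can be automated for links pulled out of an email. The following is an added example, not part of the original article: `check_link`, `edit_distance` and the `TRUSTED` list are hypothetical names with constructed sample values, and the "last two labels" domain split is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (constructed sample value).
TRUSTED = {"examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return a short verdict for the host a link really points to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Exact trusted domain or one of its subdomains.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted" if parts.scheme == "https" else "trusted-domain-no-https"
    labels = host.split(".")
    # Internationalized labels can render as look-alike characters ("language").
    if any(label.startswith("xn--") for label in labels):
        return "punycode-label"
    # Trusted name used only as a prefix of some other domain.
    if any("." + t + "." in "." + host + "." for t in trusted):
        return "trusted-name-in-subdomain"
    # Naive registered domain = last two labels (wrong for suffixes like co.uk).
    name, _, tld = ".".join(labels[-2:]).rpartition(".")
    for t in trusted:
        t_name, _, t_tld = t.rpartition(".")
        if name == t_name and tld != t_tld:
            return "different-tld"          # ".net" when it should be ".com"
        if name != t_name and edit_distance(name, t_name) <= 2:
            return "misspelled"             # variation in spelling
    return "unknown"

# Constructed sample links.
if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examplebank.net/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.com.secure-login.example/"):
        print(f"{check_link(link):28} {link}")
```

Any verdict other than "trusted" means the link should not be followed until the request has been verified with the company directly.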