Differences Between Spam and Phishing Emails


Sometimes people send me spam mail and tell me they are being phished. Sometimes people ignore phishing emails, thinking they are spam. Let’s try to understand the differences between the two.


Spam is:

Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.

Phishing is:

To request confidential information over the Internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data.

Spam Vs Phishing

Here are some key differences.

  • Phishing emails are usually targeted at a person. They will often have the person’s name already in the email. Spam is likely to be less personal.
  • Phishing usually has a sense of urgency. There may be language like “free to first 50 people”. Spam may not be so immediate.
  • Phishing usually is trying to get you to click a malicious link or reply to an email (instead of making a phone call).
  • Phishing links often contain malware or are intended to trick you. Spam links are often to legitimate services and websites that want to sell you a product.
  • Phishing emails are sent much less frequently than spam.
  • Phishing emails often impersonate another company or someone you know. For instance, an email may look like it’s from your bank when it really isn’t. Spam emails usually don’t impersonate anyone or try to trick you into thinking they are someone else.


Sample Spam Email

First of all, this email isn’t even addressed to me; it’s to someone else and I’m in the bcc field. This email looks like it could be sent to thousands of people and not just me. Lastly, the link does in fact take you to a dating site, so it’s really just an advertisement.

Sample Phishing Email

This email looks like it came from Google and says I have a new message. This makes it feel like it’s directed only to me. But looking at the from address, you can see it’s not from Google. Hovering over the links shows that they don’t take you to a Google website either.
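The two manual checks above (the sender's domain and where the links really point) can be automated. This is an added Python example, not part of the original post; the sample message, the `.example` domains, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, domain):
    # Exact domain or a true subdomain only; "google.com.other.example" must fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    # Collects each <a href>, i.e. what hovering over a link reveals.
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw, claimed_domain):
    # claimed_domain: the brand the email presents itself as (caller-supplied assumption).
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            links.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [urlsplit(h).hostname for h in links.hrefs
             if urlsplit(h).scheme in ("http", "https")]
    return {
        "from_domain": from_domain,
        "from_matches": belongs_to(from_domain, claimed_domain),
        "off_domain_links": [h for h in hosts if not belongs_to(h, claimed_domain)],
    }

# Constructed sample message (not the email shown in the original post).
SAMPLE = """From: Google <no-reply@mail-alerts.example>
To: user@example.org
Subject: You have a new message
Content-Type: text/html; charset="utf-8"

<a href="http://google.com.mail-alerts.example/inbox">https://mail.google.com</a>
<a href="https://accounts.google.com/">Account settings</a>
"""

if __name__ == "__main__":
    print(check_message(SAMPLE, "google.com"))
```

The first link shows why the comparison is done on the end of the hostname: the visible text and the start of the host both say Google, but the registered domain is something else.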
