Nicole Lee

SPAM & Phishing

What is SPAM?

If you spend much of your time on the internet, you will have heard the terms ‘SPAM’ and ‘phishing’. But what are SPAM and phishing?

SPAM is unsolicited, unwanted bulk junk messages sent to a wide audience. These are usually sent for commercial purposes as the cost of one email is extremely low. Interestingly, the term ‘SPAM’ is thought to have come from a Monty Python skit where the menu becomes increasingly SPAM orientated.

There are many different types of SPAM ranging from messaging SPAM to SEO SPAM. We will be discussing mainly email SPAM in this article.

How to distinguish SPAM and Phishing?

[Image: Example of a phishing email, showing how phishers pose as well-known companies in order to gain your trust]

How can you tell if an email is genuine, especially if the phishers are imitating genuine large companies or even someone you know?

You can check the email address to make sure they are who they say they are. In the example above, you can see that the email address is (this is not Amazon). And if you hover over the link they want you to follow, you will see that it does not take you to Amazon.

If an email seems suspicious, this is what you can do to protect yourself and your data:

  • Check the email address; does it match who they say they are?
  • If the email is suspicious, DO NOT click on any links or images.
  • Hover over links to see where they will actually take you.
  • Do not open attachments from unknown senders.

SPAM examples

SPAM comes in many different forms.  The most common types that you may find in your email junk folder (or inbox if your SPAM filter is not tuned well) are as follows:

  • Health and medical services; alternative medicines, dietary pills, or even a miracle cure.  These products are most certainly empty promises, but it still doesn’t stop the SPAM emails.
  • Tech and internet; software and hardware offers, electronics ads, internet, and mobile services, etc.
  • Service enrolment; long-term services like education programmes or insurance.
  • Financial services and investments; debt assistance, low-interest loans, or even free money!

As mentioned before, SPAM emails are mostly used by companies as commercial advertisements. Because the cost of one email is so low and it can reach a far wider audience than more traditional advertising on TV or in magazines, it is an economical way for companies to reach large audiences.

SPAM VS Phishing

But what’s the difference between SPAM and phishing?

They are both unsolicited, unwanted emails.  The main difference is the intent behind the emails.  Although irritating and unsolicited, most SPAM emails are not out to hurt you but rather intended to sell you a product or service; they are advertising legitimate businesses.

What is phishing?

Phishing, however, has a much more malicious intent behind it.  Phishers are looking to gain access to your device and personal information, and to use this knowledge for nefarious purposes. There are many types of phishing, including:

  • Email Phishing – The attacker can install malware or viruses on your computer if you click on the links, or open any attachments, and type in your credentials. These are often bulk emails to thousands of users.
  • Whaling – Often the attacker has researched the executives of a company and sends emails pretending to be them. These often require colleagues to send money transfers or voucher codes to the attacker.
  • Vishing – Voice phishing; scammers will call and try to obtain your personal information (no, the caller isn’t really from the HMRC, Microsoft, or Amazon!)
  • Spear Phishing – Attackers have done their research on the recipient via company websites, social media, etc., and can carry out targeted attacks. These campaigns can be very convincing in order to get your personal information, credentials, and other sensitive information.
  • Evil Twin – Attackers can set up WiFi hotspots that look like company or coffee shop WiFi and then steal data and credentials from people connecting to them.

How to recognise phishing?

Some of the points to look out for are:

  1. Does the email or call look too good to be true or require immediate, urgent action?
  2. Hackers often disguise themselves as someone you can trust, e.g. the bank, a large well-known company, or a colleague. Do the email address and website link match what you would expect? Are the tone and grammar of the communication what you expect? (Please see the example above.)
  3. Were you expecting the email or communication? If suspicious, contact the sender by other means to check it is valid.
  4. Never put your credentials into a site linked from an email unless you are sure it is genuine. If in doubt, don’t do it!

Common tactics of spam & phishing

Have you ever received an email saying you’ve won a competition even though you never entered one? Or perhaps you’ve received an email stating that your computer has been hacked and you need to download an anti-virus to prevent further damage. Have you had an email asking you to reset your password? Have you heard of the Nigerian Prince?

These are common tactics of a phishing email. They usually sound urgent so that you feel like you need to act quickly, but that’s how they get you. These emails entice you to click a link, download something, fill in a form, put in your password or even complete a payment. That is all they need to gain access.

[Image: Two examples of phishing that use a sense of urgency to make you feel you need to act quickly]

With the plethora of social media sites, and how much of an online presence the average person has, phishers have access to more personal information than ever. This means that they can tailor their attacks to their target’s needs, wants, and life circumstances. In turn, this can lead to identity or financial theft, corporate espionage, or data theft.


How can you help prevent SPAM and phishing?

SPAM and phishing emails do not have to be part of your daily life.  You can reduce the amount of SPAM emails you get and stop them coming into your inbox.  Here are some tips on how you could do that:

  • Mark unwanted emails as SPAM. Try to avoid unsubscribe links; these just prove you are reading them.
  • Keep it private.  Spammers find contact information online so try to keep your online presence as private as you can. Attackers will use information like your phone number and physical address.
  • If someone you know sent you SPAM, let them know. Let a trusted contact know if you’ve received a SPAM email from them, as their account may have been hacked and used for spamming. Keep yourself and others safe.
  • Keep your software and security measures up to date and make it hard for Spammers to try and exploit any vulnerabilities.
  • Consider tuning the anti-SPAM and anti-phishing rules on your email service.
  • Consider company-wide user awareness training for phishing emails. We have a number of options that can help.

If you would like to discuss ways of improving your cyber security, please contact us.
