Phishing, Spoofing and Spam . . . Oh My!

The words phishing, spoofing and spam are all too common these days, but exactly what do they mean, and how can everyday users protect themselves from the frustration these types of emails cause?

Before you can understand how to avoid them, let’s review exactly what they are and how they are used.

  • Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate.
  • Spear phishing emails are phishing attempts directed at specific individuals or companies. Attackers gather personal information about their target to increase their probability of success. This is the most successful technique on the internet today, accounting for 91% of attacks.
  • E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.
  • Spam emails are unsolicited bulk e-mail messages whose content is unwanted or unrequested by the recipient. Spam messages are mostly advertising, but can include chain letters, political and other non-commercial mailings.

So, what’s the difference?

Phishing emails attempt to get the user’s private information by providing a link to a bogus website where the user is asked to enter sensitive account information, while spoofing emails trick users into clicking on a link in the official-looking, yet counterfeit, email, which will download malware onto their system. Spam emails are annoying and can at times contain a virus, but are mostly used by companies for advertising purposes and are sent to several end-users at once.

Now, what can you do to identify them?

  1. Identify who sent it. Don’t be fooled by the display name; dig down to the actual email address. This is the #1 tactic among cybercriminals. Legitimate companies send email from addresses on their own company domain. If you see a long string of numbers as the sender before the @ or a free email service before the .com, you should question the legitimacy of the email. In the end, check the sender’s email address, and if the domain name looks suspicious, don’t open it.
  2. Hover, don’t click. Most emails have links, but before you click - hover. When you hover your mouse over the link the full web address will pop up. Again, if it looks odd do not click.
  3. Check for spelling. Cybercriminals weren’t English majors. Are there rampant grammatical and spelling errors? Don’t give these emails the time of day.
  4. Too personal? If an email asks for any of your personal information, immediately flag it as spam. All institutions you have relationships with have all of the information they need on hand and will never ask for your personal information through email.
  5. Too urgent? Beware of emails that give you a sense of urgency, like “account suspended”, “unauthorized login attempt” or “time’s running out”. This is a phishing tactic. Do not fall for it.
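
The sender, hover and urgency checks from the list above can be run automatically over a raw message. The following is an added example, not part of the original article; the `FREE_MAIL` list, the six-digit threshold for a "long string of numbers" and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed short list
URGENCY = ("account suspended", "unauthorized login attempt", "time's running out")
class LinkCollector(HTMLParser):  # gathers (visible text, real href): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def triage(raw):  # returns (actual sender address, list of warning flags)
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()  # skip display name, keep real address
    local, _, domain = addr.rpartition("@")
    checks = [("free-mail sender", domain in FREE_MAIL),
              ("numeric sender", re.fullmatch(r"\d{6,}", local) is not None)]  # assumed threshold
    flags = [name for name, hit in checks if hit]
    body = msg.get_payload()
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        # Only compare when the visible link text itself shows a web address.
        if re.fullmatch(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", text):
            shown = urlparse(text if "://" in text else "//" + text).hostname
            real = urlparse(href).hostname
            if real and shown != real:
                flags.append(f"link mismatch: {shown} -> {real}")
    haystack = (msg.get("Subject", "") + " " + body).lower().replace("\u2019", "'")
    return addr, flags + [f"urgency: {p}" for p in URGENCY if p in haystack]

SAMPLE = """\
From: "Example Bank Support" <8841027735@gmail.com>
Subject: Account suspended
Content-Type: text/html

<p>Unauthorized login attempt. Verify at <a href="http://examplebank.test.login.invalid/v">www.examplebank.test</a></p>
"""  # constructed message, not real mail
```

Calling `triage(SAMPLE)` returns the real sender address together with one flag per failed check, which a mail administrator can use to decide whether a message deserves a closer look.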

Are you having trouble with these types of emails getting through your spam filter? We are here to help. Call us and we can evaluate your situation and provide a quick and easy solution.