Explained: Spam vs Phishing


Welcome to an article explaining the difference between spam and phishing emails.

There’s a good chance you know at least one person who doesn’t take digital security seriously. Compare digital security to real life: you wouldn’t hand your passport to someone who’s trying to steal your identity, or walk a person trying to take your money to the bank and give them full access to all your accounts. The same things can happen in the digital world, because the same kinds of details now live online. Banking information, personal health information and government information can all be processed online; for example, in many countries you can renew your driver’s license online.

We’ll cover what a spam email is, what a phishing email is, the grey area where it’s hard to tell the difference between them, and lastly best practice for avoiding phishing email threats (it’s easier than you might think).

Spam Emails

Spam emails are not malicious in intent; they’re simply annoying. They’re usually designed to sell you something. For example, you could receive an email inviting you to a $5 webinar on how to beat the mortgage crisis, or one with links to a 2-hour flash sale of airline tickets. Both will have legitimate links and legitimate services behind them.

Spam is equivalent to junk mail (not junk email), you know, the type you get in your mailbox. For instance, here in southern Ontario, Canada we get real estate ads every day from the same real estate agents, which is a complete waste of paper as I just toss them into the recycling immediately.

Phishing Emails

Phishing emails are malicious, they’re evil, and they’re bad. Just delete them, ignore them, basically don’t interact with them at all. Phishing emails have cost people and businesses hundreds of millions of dollars globally in the last couple of years alone.

To give a real-life comparison, a phishing email is like someone coming to your door saying they’re there to inspect your furnace and that they’re doing it for everyone in the neighbourhood. You let them in, and suddenly they tie you up and take all your shoes and money (maybe they have a shoe fetish or something). You call the police, the police ask you why you called about stolen shoes, and you reply, “No, my money was stolen… and my shoes”.

Back to reality: phishing emails usually try to collect information from you, like your banking information. You might receive an email saying your bank account is locked and telling you to click the link in the email and enter your banking information to unlock it. The link could even take you to a website that might download a virus or ransomware.

In some cases, phishing emails won’t even have a link to click. The email might state that your new tax information is in the attached PDF; after you download the attached file, a virus installs instead and it’s game over.

Usually (emphasis on usually), you can tell when an email is phishing. Often, phishing emails will have a subject line in all capital letters stressing the urgency of opening the email, whereas legit emails (like those from government entities or banks) won’t use all capital letters in the subject line. The email body could also have poor grammar, poor spelling, capital letters in the wrong spot, etc.

Phishing emails will often have URLs in the body for you to click on. For example, say your bank is Jumanjo (for whatever reason that’s the name of your pretend bank) and there’s a link in the email body that says it goes to Jumanjo’s website, but when you hover over the link with your mouse it shows that it actually goes to “evilwebsite.com”. Most browsers and email apps let you hover your mouse over a URL to see where it’s actually going to send you. Never just click a link; always check it first.

Another thing to look out for is the email’s sending domain. Using the Jumanjo example, emails should come from @jumanjo.com, but a phishing email might be sent from @jumanjo2.com.

Some phishing emails might look legitimate, such as an email inviting you to attend a webinar on mortgage rates. You might be thinking, “Hey, wasn’t a webinar email used as an example to explain spam?” You’re right, but like I wrote earlier, phishing emails are usually easy to spot, but it’s getting a bit harder. For example, if you get a phishing email from Jumanjo Bank and there’s a link to log in and “fix” your account issues, the Jumanjo URL should be jumanjo.com, but in the phishing email it might actually direct to jumanjoo.com. Notice the phishing URL is spelt with 2 o’s at the end, so it’s very similar to the actual URL and the difference is hard to notice.
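The sender-domain and link checks described above, written out as a script; this is an added example, not part of the original article. The trusted-domain list, the 0.85 similarity threshold and the sample message are assumptions constructed around the article’s pretend bank.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"jumanjo.com"}  # assumption: the domains you really deal with

def classify(domain):
    # trusted: exact name or a subdomain; lookalike: nearly the same spelling
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED):
        return "lookalike"
    return "unknown"

class Links(HTMLParser):
    # collects [href, visible text] for every <a> element in the body
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_email(raw):
    # returns (where, what the reader sees, real domain, verdict) for untrusted domains
    msg, parser = message_from_string(raw), Links()
    parser.feed(msg.get_payload())
    name, addr = parseaddr(msg.get("From", ""))
    seen = [("sender", name, addr.rpartition("@")[2])]
    seen += [("link", text.strip(), urlsplit(href).hostname or "") for href, text in parser.found]
    return [(w, shown, d, classify(d)) for w, shown, d in seen if classify(d) != "trusted"]

# Constructed sample message (not a real email), using the article's pretend bank
SAMPLE = """From: Jumanjo Bank <support@jumanjo2.com>
Subject: YOUR ACCOUNT IS LOCKED
Content-Type: text/html

<p>Unlock at <a href="http://evilwebsite.com/unlock">www.jumanjo.com</a>
or <a href="https://jumanjoo.com/login">log in</a>.</p>
"""
```

Calling `check_email(SAMPLE)` reports the jumanjo2.com sender and the jumanjoo.com link as lookalikes, and the link that displays www.jumanjo.com but really points to evilwebsite.com as unknown. The similarity test is a heuristic, so an unrelated legitimate domain with a similar spelling would also be reported as a lookalike.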

How to Avoid Phishing

The sections above explained what spam and phishing emails are, but we left phishing in a tricky situation: phishing emails are becoming a bit more sophisticated, and they look more legitimate than ever.

How do you tell the difference between spam and phishing emails, and how do you avoid phishing emails? It’s easy, I’ll give my personal process. Spam emails: I don’t like them, I don’t want them, I hate them, so I ignore them or delete them immediately from my inbox. Phishing emails: I don’t like them, I don’t want them, I hate them, so I ignore them or delete them immediately from my inbox. Notice the pattern? If spam and phishing emails both aren’t wanted but phishing can cause havoc, just ignore or delete all unwanted email (regardless of whether it’s spam or phishing). It’s that simple!

The point is, just be smart with your emails.
