Phishing vs. Spam: Everything You Need to Know

Spam accounted for almost 47% of all emails worldwide in 2023. Consider that in that same year, internet users sent roughly 347 billion emails per day. Multiply that by 365 days, and you are looking at an astronomical number of spam emails. In fact, you have likely already come across one today. Whether you could identify it as spam is another story.

While most of us have heard of spam, many people do not know exactly what it is, or how it compares with other forms of social engineering such as phishing. Social engineering and malware attacks both continue to grow, and the more we rely on email for everyday tasks, the more risk we take on when doing something as simple as opening a message.

One second you think you are opening a link to check the status of a late UPS package, the next you are dealing with stolen personal information. Through social engineering, attackers can walk away with your social security number, credit card number, home address, and more.

So today, we are going to explore exactly what spam is and how it compares to phishing. The two are easy to confuse because they arrive the same way, but, as we will see, they are very different in intent.

Table of Contents

What is Phishing?

Let’s start with the more intimidating of the two threats. Phishing is a very common form of cyber attack that tricks the recipient into giving away their personal information. These types of emails also pose a serious threat by prompting victims to unknowingly install malware on their computers.

In 2023, phishing once again reigned as the most commonly reported kind of cybercrime in the United States. What makes phishing so dangerous is how realistic and personalized the emails can be. In this form of attack, the email appears to come from a reputable source, or even from a person the victim knows. That borrowed trust is what tempts victims to take the bait.

Here are a few different types of phishing:

  • Email Phishing: The most basic form of phishing. You get an email from what seems to be a reputable source that asks for your information through a link to a fake login page or tries to get you to open a malicious attachment.

  • Spear Phishing: This malicious email specifically targets a person. The hacker uses the victim’s personal information such as name, place of employment, or even family member names to gain their trust.

  • Whaling: Like spear phishing, whaling targets a specific victim, but the victims are senior executives. Because these leaders tend to have more of their information online (company bios, press releases, social media), the attacker can more easily personalize the email and make it convincing, and a successful hit pays off far more.

What is Spam?

If you ever get a message about canned meat, do NOT open it… it’s spam.

Alright, now that I got that out of my system, let’s talk about what internet spam really is.

Jokes aside, spam is universally understood as being annoying and invasive. To put it in simple terms, these emails are just unsolicited junk mail. These emails get sent in bulk to whoever is on the wholesale recipient list.

This form of bulk marketing dates back to the very beginnings of the Internet itself. Spammers use it as a cheap way of pushing their products or services in front of as many people as possible, whether or not those people ever expressed interest. That is the key word: unsolicited. It persists because the cost per message is practically zero, so a sender can blast out millions of copies and still profit if only a handful of recipients respond. Most people consider the practice unethical, and in many countries it is regulated.

Common types of spam include:

  • Ads.

  • Chain letters.

  • Hoaxes.

  • Donation solicitations.

  • Unwanted newsletters.

  • Adult content.

Is Phishing or Spam More Dangerous?

On the surface, phishing and spam look alike. Both arrive as unsolicited email, both are sent in bulk to people who never asked for them, and both have an ulterior motive.

However, the one difference is the nature of the email. For instance, spam is not inherently malicious. Often, it is just an annoyance in your inbox, reminding you of a sale coming up from a store that you went to one time a decade ago.

Phishing, on the other hand, is designed specifically to cause harm. The entire purpose of the tactic is to obtain an individual's or company's credentials or other sensitive information, or to get malware onto their machine, usually for monetary gain.

How to Avoid Phishing and Spam

Avoiding spam is next to impossible, so let’s just get that out in the open. Luckily, this is the invasive email that isn’t likely to cost you your sensitive information or drain your bank account. Unless you’re like me and take advantage of those darn coupons my favorite stores keep sending me.

Anyway, thanks to the CAN-SPAM Act of 2003, legitimate marketers are legally required to honor an opt-out request, so unsubscribing is the best way to get rid of those tempting ads from stores you actually shopped at. One caveat: only use the unsubscribe link in mail from a company you recognize and signed up with. For junk from a sender you have never heard of, clicking "unsubscribe" (or any other link) just confirms that your address is live and read by a human. Mark it as spam in your mail client instead, so the filter learns and the rest goes straight to the junk folder.

Avoiding phishing is a completely different (and more complicated) dilemma. Phishing is a crime, but the people behind it obviously do not follow opt-out rules or any other standard. The best way to avoid phishing and the malware it often delivers is prevention: knowing the signs and checking before you click.

You can protect yourself from phishing scams by knowing common signs of phishing emails which include:

  • Misspellings.

  • Discrepancies between the text of a link and the URL it actually points to.

  • Specific requests for sensitive information.

  • Forms for filling out your information within the email.

  • Urgent or emotionally charged wording ("your account will be suspended", "respond within 24 hours").

You can also protect yourself from becoming a phishing victim by never providing personal information in reply to an email. Make sure whoever is requesting the information is actually who they say they are. If you are ever in doubt that an email is legitimate, pick up the phone and call the sender, or go to their website by typing the address yourself. Use a phone number or web address you already have or can look up independently, not one printed in the suspicious email, since the attacker controls those too. If you don't recognize the sender, always keep your guard up.

Phishing attacks can not only affect individuals but entire organizations as well. When considering your organization’s cybersecurity defenses, make sure to emphasize the importance of preventative training to your employees. Incorporating phishing simulations as a part of your regular training keeps your employees up to date on the latest cybersecurity threats.

When in doubt, refer to the SLAM method. This acronym covers the basic signs to look for when deciding whether a strange email is a phishing scam. The letters stand for the following:

  • Sender: Analyze the sender’s email address. Look for any inconsistencies or misspellings. These are a few signs someone might not be who they say they are.

  • Links: Hover over links before clicking them to see where the URL really goes. Again, check for misspellings and inconsistencies, such as a link that reads "ups.com" but points at a lookalike domain. These often mean the alleged organization/sender is fake.

  • Attachments: Avoid blindly opening attachments. Make sure the sender is legitimate before taking a leap of faith! If you need to double check with the sender as to whether the email is legitimate, we always suggest doing that, through a channel other than replying to the email itself.

  • Messages: Pay attention to the content of the email. Real companies use spell check and other tools to ensure proper grammar in their emails, so an email with lots of grammatical errors and misspellings should raise red flags. Keep in mind that the reverse is not true: a well-written email is not automatically safe, and a tone of urgency or pressure is a warning sign no matter how polished the text is.
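To show what the SLAM checks look like when written down, here is an added example (not code from the original article) that runs them over a raw email message using nothing but Python's standard library. It flags the same signs the list above and the earlier "common signs" list describe: a display name that claims one domain while the real address is another, a Reply-To that goes somewhere else, link text that names one domain while the href points to a lookalike, attachments, and urgency wording. The two sample messages are constructed for this example and every domain in them is a placeholder; the crude "last two labels" domain logic is an assumption good enough for illustration, and a real tool would use the Public Suffix List.

```python
"""SLAM-style triage of a raw email message (added example, standard library only)."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed wording list; extend it with whatever your own phishing samples use.
URGENCY_WORDS = ("urgent", "immediately", "verify your account", "suspended", "within 24 hours")


def registrable_domain(host: str) -> str:
    """Last two DNS labels of a hostname (assumption: a real tool uses the Public Suffix List)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_in_text(text: str):
    """Return the registrable domain named anywhere in free text, if any."""
    m = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    return registrable_domain(m.group(0)) if m else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def slam_triage(raw: bytes) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # S - Sender: display name vs. real address, and a Reply-To pointing elsewhere.
    display, addr = parseaddr(str(msg.get("From", "")))
    addr_domain = registrable_domain(addr.split("@")[-1]) if "@" in addr else None
    claimed = domain_in_text(display)
    if claimed and addr_domain and claimed != addr_domain:
        findings.append(f"sender: display name claims {claimed} but address is {addr_domain}")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if "@" in reply_to and registrable_domain(reply_to.split("@")[-1]) != addr_domain:
        findings.append(f"sender: Reply-To goes to {reply_to}, not the From domain")

    # L - Links: visible text vs. actual href, and hrefs off the sender's domain.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(text)
        links = collector.links
    else:  # plain text: bare URLs, no visible text to compare against
        links = [(u, "") for u in re.findall(r"https?://[^\s<>\"']+", text)]
    for href, visible in links:
        host = urlparse(href).hostname or ""
        shown = domain_in_text(visible)
        if shown and shown != registrable_domain(host):
            findings.append(f"link: text says {shown} but href points to {host}")
        if host and addr_domain and registrable_domain(host) != addr_domain:
            findings.append(f"link: {host} is not the sender's domain")

    # A - Attachments: list them so a human decides before opening anything.
    for part in msg.iter_attachments():
        findings.append(f"attachment: {part.get_filename()} ({part.get_content_type()})")

    # M - Message: urgency or pressure wording in subject and body.
    hits = [w for w in URGENCY_WORDS if w in (str(msg.get("Subject", "")) + " " + text).lower()]
    if hits:
        findings.append(f"message: urgency wording {hits}")
    return findings


# Constructed sample: a lookalike "package on hold" lure. All domains are placeholders.
PHISH = b"""From: "notify@ups.com" <alerts@track-status.example>
Reply-To: collect@mailbox.example
To: you@example.com
Subject: URGENT: package on hold
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your package is on hold. Verify your account immediately:
<a href="http://ups.com.track-status.example/login">https://www.ups.com/track</a></p></body></html>
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: ordinary newsletter, links stay on the sender's own domain.
NEWSLETTER = b"""From: "Example Shop" <news@shop.example>
To: you@example.com
Subject: Weekly newsletter
Content-Type: text/plain; charset="utf-8"

This week's deals are at https://shop.example/deals
Unsubscribe: https://shop.example/unsubscribe
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("newsletter", NEWSLETTER)):
        print(name, slam_triage(sample) or "no findings")
```

Run it and the lure produces a finding for each letter of SLAM, while the newsletter produces none. The point is not that a script replaces a human looking at the email, but that each SLAM question is concrete enough to be checked mechanically, which is also roughly what a secure email gateway does before the message ever reaches your inbox.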

Conclusion

Navigating your inbox doesn't have to be a source of anxiety. It may seem overwhelming, especially when you are trying to tell apart a real email, harmless spam, and a genuine threat.

But keeping you and your employees up to date with the latest cyber threats can help ensure your sensitive information stays safe. Enforcing regular and updated training, along with periodic phishing simulations can help you hold your team accountable for their part in keeping your company secure.