Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Spam vs. Phishing: What Is the Difference?

Both spam and phishing are related to social engineering, a general term for any activity in which an attacker is trying to manipulate you into revealing personal information. Passwords, account credentials, social security numbers--you should always think twice before giving out this information. Always verify who is really on the other end of the line.

What is spam?

Spam is unsolicited and unwanted junk email sent out in bulk to a wholesale recipient list. Typically, spam is sent for commercial purposes. However, spam email can also contain a malicious attempt to gain access to your computer, so email security becomes an important defense.

What is phishing?

Phishing is a common type of cyber attack that everyone should learn about to protect themselves. Phishing attacks are fraudulent communications that appear to come from a reputable source. The goal is to trick the recipient into giving away sensitive data or to install malware in the form of spyware on the victim's system. Spear phishing is a form of phishing that targets one specific, high-profile individual.

How do spam and phishing work?

While people often view spam email as unethical, many businesses still use spam email for commercial purposes, as the cost per email is incredibly low and businesses can send out mass quantities consistently. Spam also can be sent in massive volume by botnets, which are networks of infected computers.

Phishing starts with a fraudulent email or other communication that is designed to lure a victim. The message is made to look as though it comes from a trusted sender. If it fools the victim, he or she is coaxed into providing confidential information, often on a scam website. Sometimes malware is also downloaded onto the victim's computer.

Both spam and phishing are related to social engineering, a general term for any activity in which an attacker is trying to manipulate you into revealing personal information. Passwords, account credentials, social security numbers – you should think twice before giving out this information. Always verify who’s really on the other end of the line.

How do I prevent spam and phishing attacks?

Email is the number one threat vector today. Here are steps for protecting against spam email and phishing scams.

8 tips to stop phishing (PDF)

To combat the millions of daily email threats and advanced threats requires constant vigilance and tested cyber security solutions. Cisco Email Security is your defense against phishing and business email compromise, including blocking phishing and spam and other common tactics used to steal information. Learn how solutions like AMP for Endpoints block malware at the point of entry.