Spotting the scams: Distinguishing phishing from spam emails


In a world where cyber threats are constantly evolving, distinguishing between harmless spam and dangerous phishing attempts has never been more crucial. While both types of emails can clutter your inbox, phishing attacks are far more insidious, designed to deceive and defraud. Understanding the subtle yet critical differences between these two can be the key to safeguarding your personal information and staying secure online.

Telling the difference between phishing and spam emails

Phishing is a type of fraud that happens when a bad actor uses email to trick you into giving them financial or personal information. The email usually appears to come from a legitimate company or individual and often contains a link to a fake website designed to steal user account, personal, or financial information. Sometimes these emails contain attachments with malicious content.

Spam emails are unsolicited or unwanted junk emails sent to a bulk recipient list. Typically, they are sent for commercial purposes and include information and website links. While spam can clog up an inbox, it is not intended to be malicious.

So, how can we tell the difference? While it can certainly be challenging to know whether you've received a phishing email or spam, the following key differences can help you make a determination.

Phishing emails:

  • Are usually unexpected.
  • Often include urgent or intimidating language encouraging you to act quickly. For example, a phishing email may threaten account suspension or legal action, alert you to "suspicious account activity," or offer unrealistic promises like large sums of money.
  • Encourage you to click on a malicious link or download an attachment with phrases like "verify your account information" or "view important information." Recent trends include emails urging you to click on Dropbox and Google Drive links.
  • Encourage you to reply with personal or account information.
  • Are often more formal in tone.
  • Frequently have poor grammar and spelling errors, although this is less common as AI becomes more prevalent.
  • Spoof the sender's address to make it look like the email is from a trusted source.

Spam emails:

  • Have commercial or promotional content.
  • Are more casual in tone.
  • Usually have a generic sender address.

How can you protect yourself?

One of the best ways to protect yourself from spam and phishing is to be on the lookout for emails that look suspicious.

  • Use the information above to help determine if an email is a phish or spam.
    Look for clues to help identify a phishing or spam email.
  • Use spam filters.
    Most email providers and workplaces provide spam filtering that can help protect you from malicious emails. These tools also often allow you to report suspicious emails to your email provider or IT department.
  • Report suspicious work emails to your IT department.
    Reporting these emails allows your IT department to assist you in determining if an email is a phish, spam, or a legitimate message. If you believe an email is spam, you can delete it and do not need to report it.
  • Keep your computing device up to date and use antivirus software.
    System updates for your device and antivirus can help protect you from threats spread through phishing emails.
  • Don’t click on links or open attachments from a suspicious email.
    Hover over links in an email to see the URL, and do not click on links that look suspicious. If you are not expecting an email attachment, it is safest not to open the attachment.
  • Don’t reply to a suspicious email.
    Replying to a suspicious email can put you at greater risk for a subsequent cyber-attack.
  • Delete the email from your inbox.
    Phishing emails should be deleted so you don’t inadvertently click on a possibly malicious link in the future.
  • Don’t use your work email for anything personal or non-work related.
    To protect your workplace, avoid using your work email address to join website lists or download content from websites.

Phishing and spam emails continue to impact individuals, government, and private industry. Being able to identify and distinguish between phishing and spam emails and act appropriately is the best way to protect yourself and your workplace from becoming the victim of a cybercrime. If you suspect that you have been the victim of phishing after clicking on a link, entering your credentials on a suspicious site, or opening a file, it is critical that you contact your IT department immediately. Timely reporting to your IT department is crucial in limiting exposure and protecting yourself and your workplace.


Third Branch eNews is an online monthly newsletter of the Director of State Courts Office. If you are interested in contributing an article about your department’s programs or accomplishments, contact your department head. Information about judicial retirements and judicial obituaries may be submitted to: Sara.Foster@wicourts.gov