Phishing vs Spam


Most of us receive phishing and spam email daily, both in personal inboxes and GatorMail. To best protect yourself and cut down on unwanted emails, it is important to understand the differences between phishing emails and spam emails.

Phishing

As outlined in our phishing resources, phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by impersonating oneself as a trustworthy entity in a digital communication. In other words, it is a form of social engineering, by which a malicious actor pretends to be someone they’re not in order to convince a user to divulge personal information.

Some key giveaways that a message is phishing include:

  • Spelling and grammar errors
  • Instilled sense of urgency / providing a strict deadline to act
  • Generic greetings such as “Dear Customer,”
  • Encouraging the recipient to respond, click a link, or call

If you receive a phishing email in your GatorMail inbox, you should report it using the Phish Alert button, so that IT staff can block the sender from sending more emails to the UF network. If you receive a phishing communication via another channel, such as a personal inbox, text/instant message, or phone call, you should report the communication to the service provider the message was received on. That way, they can take action to prevent other users from receiving the same message.

An email with tags of examples of phishing.

Spam

Like phishing, spam emails are often unsolicited communications that encourage you to take action. However, they are not attempting to steal your information. Instead, they usually come from a legitimate business looking to sell you something.

When you receive spam communications you no longer wish to receive, the easiest way to make them stop is to unsubscribe. Most text message spam allows you to reply “STOP” to bring an end to those communications. Spam emails typically have an “unsubscribe” button at the bottom of the message which you can click to remove yourself from the sender’s messaging list. Just be sure that the email is not phishing before clicking unsubscribe, because some phishing messages will also have an unsubscribe button which actually takes you to the sender’s malicious website!

In the event you cannot unsubscribe, you can report the message to your provider to help them identify the message as Spam or Junk. Spam emails should NOT be reported using the Phish Alert button, but they can be reported in to your email client, messaging app, or carrier depending on where the communication occurred.

Spam

Additional Resources