Spam vs. Phishing: Definitions, Overview & Examples


Spam is usually defined as unsolicited commercial e-mail, often from someone trying to sell something. Spammers are not generally trying to get sensitive information from you, although they may try to elicit personal information to add to their database for future spam attempts. According to Statista, spam messages account for 48.16 percent of email traffic worldwide. The most common types of spam email analyzed in 2017 were healthcare and dating spam. The estimate from Talos Intelligence is even more grim: 85 percent of email volume in May 2018 was spam.

Phishing is not limited to email. Other types of phishing include voice phishing, tabnabbing, SMS phishing, Evil Twins, link manipulation on websites and other social engineering techniques. In this article, we will focus on email phishing. This is most assuredly a malicious attack with the intent of luring a victim into disclosing personal (preferably financial) information, with a view to stealing their identity (e.g. passwords and user identification details), and their money.

As reported by Dark Reading, PhishMe found that 91 percent of cyberattacks start with a phish. A study by Symantec confirmed this, stating that 95 percent of all attacks on enterprise networks are the result of successful spearphishing.

We shall see these definitions are not quite as clear-cut as they seem, nor universally agreed on. In this article, we will examine both definitions and provide examples of each.

But, first let’s take a look at junk mail, spam and phishing, and what to know about each of them.

Also see: The Best Techniques to Avoid Phishing Scams

Junk Mail


Definitions of junk mail from Business Dictionary, Market Business News and Merriam-Webster all agree that junk mail is unsolicited, of a commercial nature, usually sent in bulk, and can be either sent by snail (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Penny Hoelscher. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)