Spam vs. Phishing

What is the difference between spam and phishing?

The difference between spam and phishing is that, while both may be inbox-clogging nuisances, only one (phishing) is actively aiming to steal login credentials and other sensitive data. Spam is a tactic for hawking goods and services by sending unsolicited emails to bulk lists. While annoying, spamming is not nearly as dangerous as phishing, which tries to trick a user into divulging sensitive information.


What is spam?

Spam is called junk mail for good reason. It has existed for almost as long as the internet itself as a means of pitching products or services to far more potential buyers than have ever expressed interest in them. After obtaining the email addresses of a huge number of individuals, spammers send their offers in bulk, hundreds or thousands at a time.

Common types of spam include prayer chain forwards, coupons, adult content, donation solicitations, and unwanted newsletters. They are usually commercial in nature and not expressly malicious. The CAN-SPAM Act of 2013 helped to lessen the problem of spam by mandating opt-out links and requiring senders to promptly honor those opt-outs.


What is phishing?

Whereas spam is simply unwanted, phishing is expressly designed by a malicious actor to harm a company or individual by obtaining sensitive information. It often takes the form of a seemingly legitimate message from a trusted sender. Phishing emails target banking credentials, passwords, cash advances, or other information of value. Identity theft often results.

Signs of phishing email include:

  • Misspelled words
  • Discrepancies between the language of links and the URLs they direct to
  • Requests for personal information
  • Forms within emails
  • Highly emotional or charged language
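
Two of these signs, a link whose visible text names one site while its URL points to another and a form embedded in the message, can be checked mechanically. The following is an added example, not part of the original page: the class and function names and the sample message are constructed for illustration, and the comparison is a strict heuristic that also flags legitimate subdomain differences.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # domain shown in link text

class EmailHtmlScanner(HTMLParser):
    """Collects (visible text, href) pairs for links and counts <form> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], 0
        self._href, self._text = None, []   # state for the <a> currently open

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "form":
            self.forms += 1
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(name):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    name = name.lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name

def scan(html):
    """Return findings for one HTML email body (strict host comparison)."""
    p = EmailHtmlScanner()
    p.feed(html)
    findings = []
    for text, href in p.links:
        url, shown = urlparse(href), DOMAIN_RE.search(text)
        if url.scheme not in ("http", "https") or not shown:
            continue  # no web target, or link text names no domain
        if host(shown.group(1)) != host(url.hostname or ""):
            findings.append(("link-mismatch", host(shown.group(1)), host(url.hostname or "")))
    if p.forms:
        findings.append(("embedded-form", p.forms))
    return findings

# Constructed sample body; example.com / example.net are reserved names.
SAMPLE = ('<p>Sign in at <a href="http://login.example.net/verify">www.example.com</a>'
          ' or see the <a href="https://www.example.com/help">help page</a>.</p>'
          '<form action="http://login.example.net/collect"><input name="password"></form>')
```

Calling `scan(SAMPLE)` reports the first link (text says example.com, URL goes to login.example.net) and the embedded form, while the second link, whose text names no domain, is ignored.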

You can also protect yourself against phishing attempts by:

  • Knowing common signs of phishing scams
  • Not providing personal information via email. If you’re unsure if an email is legitimate, always refer to the sender’s website.
  • Not opening messages from unknown senders
  • Varying passwords
  • Employing an up-to-date antivirus solution 

For more information on phishing and how to stop it, visit our page on best practices for avoiding phishing scams.

To keep your users up to speed on the latest threats and the signs you may be a target, visit the Webroot® Security Awareness Training page.


