IT Security Guru

Spam and Phishing – Spot the Difference

by The Gurus
February 22, 2016
in Opinions & Analysis

I had a very interesting conversation recently about emails, and what the difference between Spam and Phishing actually is.
One person openly stated that all messages received were treated with suspicion, which is of course the ideal approach, but that anything that was even remotely dodgy was immediately labelled as Phishing and deleted. Here’s the rub – is it one and the same?
Previously I’d argue not, as actually I see them as two very different problems, but earlier this week this conviction was challenged. 
The Same but Very Different
To me, Spam is electronic junk mail. It floods my inbox offering me things I don’t want, and sending me newsletters I’ve never asked for. It’s annoying but on its own it’s harmless.
Phishing, while having the same characteristics as Spam – as in I don’t want it and didn’t ask for it – has the critical difference that its primary intention is malicious. Behind every phishing message is a criminal trying to trick me into doing something that will harm my computer or into revealing something that I shouldn’t.
A case in point is the ransomware attack suffered by Lincolnshire County Council in January. Its systems were held hostage after someone inadvertently interacted with a phishing message, downloading a previously unseen ransomware variant, which then set about encrypting PCs and servers.
While a backup will often render ransomware redundant, without it organisations are left with a moral dilemma – to pay or not to pay? Troy Gill, security manager of AppRiver, believes, “Feeding the fire by paying these guys should be avoided if at all possible. If you’ve been the victim of a ransomware attack, and you’re contemplating paying, keep in mind that the only reason these thieves keep making these attacks is because people are paying them. If all of the victims stopped paying ransoms, they wouldn’t have a successful business model, whose core objective is to steal your money.”
Another view is that of Rohyt Belani, CEO of PhishMe, who adds, “The size of the ransom demanded isn’t the issue everyone should be preoccupied with. We should all be taking steps to equip humans – employees – with the conditioning needed to avoid falling victim to attacks that shut down entire IT systems, interfere with critical communications and extort money.”
And that’s true. For Phishing to be damaging, someone has to interact with it. But is this also true for Spam?
Is Spam always innocent?
And it’s here that things start to get murky.
While I previously believed Spam to be relatively harmless – and I still hold this belief when it arrives in my inbox – what about when it carries my name and arrives in someone else’s inbox? Suddenly it’s not so innocuous any more.
Frustratingly that’s exactly what happened earlier this week. One of my colleagues alerted me to a message that she’d received that purported to be from me, but it hadn’t come from any of my email aliases. If my name was Jane Smith then it might have gone past unnoticed, but the fact is I have a very distinctive name, and so it didn’t.
Specialising in security, as we do, both of us immediately identified the message as Spam and consigned it to the trashcan, but what about someone else who may not have been trained to spot the warning flags? Could they then label me as a fine purveyor of Spam? What if this was taken a step further and the message contained a malicious file or a forged link? Could this potentially harm my reputation?
Deciding to take action, I requested input from one of the trusted security experts I interact with. Unfortunately, his response was far from reassuring. Jonathan French, security analyst at AppRiver, confirmed, “Spoofing names is common and easy to do. There’s not much you can really do about something like that as it’s a tactic to just try to get a user interested enough to click and open the message.”
The only saving grace is that it hadn’t been sent from my actual email address. However, Jonathan suggested that this is not always the case, as scammers can ‘spoof’ domain names. His recommendation is for organisations to “Have something in place that can help receiving servers identify spoofed messages.” While it won’t stop my name being used in vain, it could prevent someone trusting the message and clicking it blindly.
So there we have it, my name is associated with Spam. Suddenly I don’t see it as a benign nuisance, but instead as a reputation-eroding menace – and I can do nothing about it.
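
As an added illustration (not part of the original article), this is one way a receiving mail system could flag the two cases described above: a familiar display name on an address that is not one of that person's aliases, and a genuine-looking address whose domain failed authentication. The directory, addresses and sample messages are constructed, and the check assumes the Authentication-Results header was written by the organisation's own receiving server.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: protected display name -> that person's real aliases.
DIRECTORY = {"jane smith": {"jane.smith@example.com", "jsmith@example.com"}}

def normalise(name):
    """Fold accents, case and spacing so look-alike spellings compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", plain).strip().lower()

def dmarc_verdict(msg):
    """DMARC verdict from Authentication-Results, or None if absent.
    Assumes the header was stamped by our own receiving server."""
    found = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    return found.group(1).lower() if found else None

def classify(raw):
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    aliases = DIRECTORY.get(normalise(display))
    if aliases is None:
        return "name-not-protected"
    if address.lower() not in aliases:
        return "display-name-spoof"       # right name, wrong mailbox
    if dmarc_verdict(msg) != "pass":
        return "address-spoof-suspected"  # right mailbox, domain not authenticated
    return "ok"

# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "name_only": 'From: "Jane  SMITH" <offers@bulk-mailer.example>\n\nBuy now',
    "forged_domain": ("Authentication-Results: mx.example.com; dmarc=fail\n"
                      "From: Jane Smith <jane.smith@example.com>\n\nSee attached"),
    "genuine": ("Authentication-Results: mx.example.com; dmarc=pass\n"
                "From: Jane Smith <jsmith@example.com>\n\nMinutes attached"),
    "stranger": "From: Newsletter <news@shop.example>\n\nWeekly deals",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:14} -> {classify(raw)}")
```
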
