Spam and phishing emails: what they are and how to identify them

A man’s finger is pointing at a transparent email symbol

Spam and phishing emails are more than a nuisance. They can be genuinely costly.

It’s estimated that nearly 85% of all emails are spam and cost businesses roughly $5 billion annually.

Phishing, on the other hand, is one of the primary tools of the ever-growing cybercrime industry. Phishing, a form of social engineering, aims to steal sensitive information for exploitation, halting productivity and causing both reputable and financial damages.

However, businesses are not helpless against these attacks. By understanding what spam and phishing are, companies can arm themselves against them.

WEBIT Services has helped clients build effective security habits for over 25 years. It is passionate about cybersecurity strategy, tools, and education to help clients succeed in the war on cybercrime.

By the end of this article, you will know the definition of spam and phishing, the dangers they pose, why they are increasing, and how to identify and address these messages.

What are spam and phishing emails?

You may receive two kinds of unwanted emails: spam and phishing.

“Spam” describes emails from a wholesale recipient list for commercial purposes. It is the electronic equivalent of “junk mail” and can be time-consuming to sift through. Many times, these messages are irritating but harmless. On occasion, they carry malicious software.

“Phishing" is a kind of social engineering. Its goal is to convince users to give up sensitive information.  Phishing emails are often disguised as messages from legitimate sources. Links and attachments are often infected with malware, viruses, spyware, or ransomware.

Both spam and phishing emails pose threats to productivity and data security.

Why spam and phishing emails are increasing

Both phishing and spam emails date back to the 1990s. Since their creation, these techniques have continued to be popular among cybercriminals. In 2016, it was estimated that 91% of cyber-attacks were due to phishing emails.

When the COVID-19 lockdowns sent everyone home, we spent more time on the internet than ever before. Unfortunately, cybercriminals didn’t take time off during lockdowns. In fact, their activity increased.

This uptick in activity is attributed to three factors: the growing popularity of cryptocurrencies such as bitcoin, increased usage of personal devices, and the ease of growing profits through cybercrime.

The rise of bitcoin

With the rise of cryptocurrency, cybercriminals became even more motivated to gain access to secure networks. Unlike other currencies, bitcoin and other crypto-currencies are nearly impossible to trace. Previously, authorities could track funds used to pay cybercriminals. Now, cryptocurrency allows cybercriminals to remain elusive.

Unprotected hardware and connections

During lockdowns, many employees suddenly had to work from home. Many businesses found themselves unprepared for a mass exodus requiring more laptops than they had on hand. In response, many employees worked from their personal computers, which lacked the protection of professional hardware.

Unfortunately, this again provided easy targets for cybercriminals. Personal computers lacked professional endpoint protection but were connected to company networks. All a cybercriminal needs are for one employee to click one malicious or give up one login, and they can access company data for exploitation.

Minimum effort, maximum profit

With more and more customers shopping online, spammers saw an opportunity to make quick, easy money. Spam messages saw a massive increase during COVID-19 lockdowns. Spam and phishing emails increased by 220% during the height of the pandemic in autumn 2020.

With phishing, the rise of bitcoin and unprotected connections created greater opportunities for cybercriminals. The cybercrime industry is estimated to have over $1.5 trillion. The average price of a data breach is roughly $4.24 million. With numbers like that, cybercriminals have no incentive to slow down.

Email inboxes saw an increase in malicious and tedious messages from cybercriminals looking for a quick, easy profit.

Preventing spam and phishing attacks

Spam clogs inboxes, taking up valuable time to shift through them. Phishing could lead to a data breach, and both potentially carry malicious software.

While we can’t prevent them entirely from appearing in your inbox, there are two methods for decreasing risk: email tools and employee education to identify potentially harmful messages.


Your IT provider can recommend software tools to help keep spam and phishing out of your inbox as much as possible.

  • Spam & Phishing Filters
    Email filter programs will quarantine messages from suspicious sources automatically. This will decrease any employee time spent shifting through odd messages. They will also block harmful attachments from reaching your inbox.
  • Protecting your email with SPF, DKIM, & DMARC
    If your email infrastructure implements all three protocols correctly, you have a much better chance that messages can’t be easily forged and that you can block them from clogging your users’ inboxes.
  • Reporting Tools
    Image of a red logo button and the words "Report phishing" beneath itPhish prevention tools often include a “Report Phishing” button right within the email program. If an employee receives a suspicious email, they can just click the button to report it.
    If it is a phishing attempt, the domain name and email address will be “blacklisted”—caught by the filter, so no future messages from that address or domain come through.
    If it is a harmless email, it is released back into the employee’s inbox with peace of mind.
  • Conduct phishing tests
    Your IT provider or internal IT department can send fake phishing emails to test employees. Analyzing the results of these tests is an important step in determining who needs additional training and how effective that training is.

Recognizing harmful messages

While tools can help catch the bulk of harmful messages, employees must know how to identify spam and phishing emails that may slip through.

All employees must know never to click links or open attachments from unknown or suspicious looking senders. If the email is a phishing attempt, clicking the link or opening an attachment will result in a data breach or activating malicious software like malware or viruses.

Once upon a time, it was easy to spot phishing emails. Simply look for poor grammar and a badly copied logo.

However, phishing is becoming more sophisticated. Cybercriminals now sell and purchase “phishing kits” on the dark web. These kits allow hackers to mimic trusted brands in their emails and email links convincingly.

Some of the popular brands mimicked include:

  • Paypal
  • Microsoft
  • Facebook
  • FedEx
  • eBay
  • Amazon

Even with stylized advancements, phishing emails are identified by their intent: asking the recipient to give them sensitive information. This may be account logins or personal information they can use to impersonate the user.

Here are five common phishing email characteristics:

  1. Does the email come from a recognized domain?
    Check the email address and domain name. If the domain name seems off or unfamiliar, it could be a phishing attempt. Watch this short video on how to test domain names.
  2. Is the email oddly urgent?
    Many phishing attempts threaten account deactivation or other “emergencies” so that users click a link and submit their login or personal information.
  3. Inspect links to make sure they go to legitimate domains.
    For instance, does the email link asking you to log into your account match your standard login page URL? If not, it’s likely a phishing attempt.
  4. Is the email asking for money or offering free money?
    Phishing attempts sometimes appear as a friend or stranger asking for aid and offering a reward. If it seems to be from a person or organization you know, call them to verify before clicking anything.
  5. Can you verify with the sender or trusted source?
    If the email appears to be from an associate, partner, vendor, or helpdesk, contact them directly to verify that they sent the email.

The best policy for dealing with odd emails is to report them to your IT provider helpdesk.

When in doubt, never click a link or open an attachment from a suspicious email. You could endanger your entire organization if it’s a phishing email or malicious spam.

Next steps to decrease spam and phishing

Even though spam and phishing emails have existed for over 30 years, their attacks are becoming more frequent and costly. This is partly due to increased internet activity, the rise of cryptocurrency, and the growing sophistication of social engineering.

Businesses can decrease spam and phishing in their inbox using proper tools and filters. They can also reduce successful phishing attempts by educating their employees to recognize and report phishing emails.

Key phishing traits include:

  1. Strange domains and URLs
  2. Urgency
  3. Links to incorrect domains
  4. Asking for or offering money
  5. Unverified senders

Of course, links or attachments from unrecognized sources should never be opened. If they are a phishing attempt, they will expose your organization to malicious software and potential attacks.

For over 25 years, WEBIT Services has helped clients build effective cybersecurity strategies and practices.

Talk to your IT provider or internal IT department to learn more about email tools and filters. They can help match you with the best software for your business needs.

If you are looking for a new IT provider, schedule a free 30-minute consultation with WEBIT Services to see if it can help.

To learn more about cybersecurity practices, these articles are a good place to start: