How Phishing and Spam Go Hand in Hand

Anyone with an email account will agree that spam is a huge problem. Despite new technology and state-of-the-art filters, these junk messages still manage to find their way into your inbox. A good portion of spam messages are sent by legitimate companies and regular people looking to market a product or service. However, many of them aren't so innocent and pose a great threat to your personal data. That spam message might not be an advertisement at all, but a virus, or even worse, a phishing scam.

The Basis of Phishing

Although instant messaging systems have also been abused, most phishing scams originate via email in the form of spam messages. At first glance, these messages appear to have been sent by legitimate companies, perhaps someone with whom you have a business relationship. This could be your ISP, financial institution or credit card company. Some of the most prominent commercial companies have been used in phishing scams, including PayPal, eBay and Wells Fargo. More recently, con artists have reached a new low by initiating scams targeting the families of deceased Army soldiers.

Most phishing emails ask that you verify or update your account information. Some will attempt to alarm you, stating that an unauthorized party has attempted to access your account or that the account will be terminated if you don't respond with the requested information. These emails tend to look very genuine and usually contain forged logos and proprietary materials. A phishing email typically provides a link which directs you to a fraudulent website, where you are encouraged to enter personal information.

Verifying Websites

If you happen to follow a link in a spam email, never provide credentials such as your password, phone number or address. When conducting business on any website, you can check its legitimacy by looking for a "lock" icon in the browser address bar. By clicking the icon, you can view the site's digital certificate and learn when it was issued and when it expires. Another indicator is a URL that reads "HTTPS" as opposed to "HTTP." However, neither indicator is considered 100% accurate, as criminals have even learned to forge security icons. The best advice is to never click on any link in a spam message, especially one that strikes you as suspicious.

Fighting Back

If you receive a suspicious message or an obvious scam requesting your information, you can join in the fight against email scams by forwarding it to the FTC at: [email protected]. Make sure to include the complete header of the message along with all the routing details. This will help the appropriate department investigate the matter and hopefully track down the sender. You can also report phishing emails to the Anti-Phishing Working Group at [email protected]. A number of security vendors, a consortium of Internet Service Providers, law enforcement agencies and financial institutions all use these resources to report deceptive spam and phishing.
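As an added illustration (not part of the original article), the Python sketch below pulls the routing details (the `Received` headers) out of a raw message and flags the traits described under "The Basis of Phishing": pressure wording and links. The sample message, its addresses and the `triage` helper are constructed for this example, and comparing link hosts with the sender's domain is an extra heuristic the article does not itself list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; example.* domains and the IPs are reserved test values.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org; Mon, 1 Jan 2024 10:00:00 +0000
Received: from unknown (198.51.100.23) by mail.example.net; Mon, 1 Jan 2024 09:59:58 +0000
From: "Example Bank" <service@example.com>
Subject: Unauthorized access attempt
Content-Type: text/html

<p>Please verify your account or it will be terminated.</p>
<a href="http://login.example.net/update">https://www.example.com/</a>
"""

# Pressure wording taken from the traits the article describes.
PRESSURE = re.compile(r"verify your account|update your account|unauthorized|terminated", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """Return routing hops and phishing indicators for a single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = msg.get("Subject", "") + " " + body
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = LinkCollector()
    links.feed(body)
    hosts = [(urlparse(h).hostname or "").lower() for h in links.hrefs]
    return {
        # Each Received header is one hop; unfold continuation lines.
        "routing": [" ".join(r.split()) for r in msg.get_all("Received", [])],
        "pressure_phrases": sorted({m.lower() for m in PRESSURE.findall(text)}),
        # Links whose host is neither the sender's domain nor a subdomain of it.
        "offdomain_links": [h for h in hosts if h != domain and not h.endswith("." + domain)],
        "plain_http_links": [h for h in links.hrefs if urlparse(h).scheme == "http"],
    }

if __name__ == "__main__":
    print(triage(RAW))
```

The `routing` list is what an investigator reads from the bottom up to trace where a message entered the mail system, which is why forwarding the complete header matters.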

If you feel that you have already given away personal data to a con artist, file a complaint on the FTC website: From there, you should visit their Identity Theft website: Here you can learn how to minimize the potential damage of identity theft.

Spyware has many ways of getting onto your computer, such as:

When you download programs - particularly freeware, or peer-to-peer sharing programs.

More covertly, spyware can install itself just by you visiting certain sites, by prompting you to download an application to see the site properly.

ActiveX controls. These pesky spyware makers will prompt you to install themselves while using your Internet browser