Spam is junk mail. It usually advertises something that is for sale or is an invitation/incentive to meet with a sales representative. Spam is unsolicited; users receive these emails even though they did not sign up to receive them. “Common types of spam include prayer chain forwards, coupons, adult content, donation solicitations, and unwanted newsletters.”-Webroot. 


Phishing has a much more malicious goal than spam. Threat actors send phishing emails to try to gain access to your login credentials and other sensitive information. In some cases, phishing emails can also deliver malware. Common types of phishing include “click here to verify your bank login,” “a LinkedIn connection request,” “your password has expired click here to reset it,” and many more. 

Signs that email is a phish include: 

  • Misspelled words and bad grammar 
  • The link in the email being different from the website that they said they are sending you to. You can hover over a link without clicking to see where the link directs. 
  • A sense of urgency 
  • Your personal information is being requested 
  • Saying that you have won or are entitled to money or prizes 
  • The reply-to email address is different from the from the sender address 

If you believe that you have received a phishing email to your work account, please report it using the PhishAlarm button. See instructions for using PhishAlarm here.