Email security: phishing and spam

Phishing is the criminal process of attempting to get information such as usernames, passwords and credit card details by pretending to be a trustworthy website.

Phishing is typically carried out by sending bulk email or text messages, by leaving comments on social networking sites, or through instant messaging. The term phishing alludes to fishing: bait is used to ‘catch’ financial information and passwords.

Spam is electronic junk mail or any unsolicited message. In addition to being a nuisance, spam takes up considerable network bandwidth and, along with phishing messages, can lead to computer malware infections.


  • Annoyance of spam or fake phishing emails
  • Potential to hand over your genuine login credentials to a fake website owner
  • Financial loss if your banking or credit card details are abused
  • Identity theft if you hand over your login details and cyber criminals get access to your personal information

Phishing uses ‘social engineering’ techniques to persuade you to click on a fake link to an online service you use. It may be a good deal, a breaking news story or a warning about losing access that persuades you to visit the fake website.

If you enter your login details or other data, the fake website records or ‘harvests’ your legitimate details. These can then be used to access your email, Facebook or online banking account to steal your money or to send out spam or scam emails to your friends.

An example email may say ‘Your online banking has been compromised. Enter your login and password to ensure your security’ – this is one of the most common computer security scams that relies on the weakness of the end user to succeed.

How to avoid becoming a victim

  • Never respond to requests for your login information – banks and other transactional organisations like Trade Me will never ask for your username or password by email or text
  • Don’t reply for fun or to bait the scammer or phisher; all this does is confirm your email address exists
  • When receiving emails, text or social networking messages on Twitter or Facebook look closely at the link URL. Hover over the link text if you can to see the genuine address you will be taken to if you click
  • Be suspicious of shortened URLs like links or tinyurls. These are often used to hide the real web addresses and could lead you to a phishing website or malware hosting site
  • Stop and think before you click through and enter your details. Smartphone users are particularly at risk due to small screen sizes where it’s harder to check out the real destination URL
  • Always type in the URL for a financial organisation you want to log in to, or call and ask for confirmation
  • Use a good internet security suite that can help you avoid visits to phishing websites that have been reported
  • Investigate what spam filtering options you have on your webmail account or that your ISP may be able to offer
