1.6. Spam and Phishing
Both spam and phishing are email nuisances, but there are some big and important differences in their intent and potential damage, and it is crucial to recognize them and report accordingly.
Spam is unsolicited and unwanted junk email sent out in bulk to a wholesale recipient list. Typically, spam is sent for commercial purposes, but can also contain malicious attempts to gain access to your computer. Gmail has a built in “!” button right next to the trash can at the top of the email list that allows you to “Report Spam”. As you report more spam, Gmail is better able to automatically mark similar messages as spam for not just you, but for all users.
- On your computer, open Gmail.
- Select one or more emails.
- Click Report spam .
Phishing attacks are fraudulent communications that appear to come from a reputable source. The goal is to trick the recipient into giving away sensitive data or to install malware in the form of spyware on the victim's system. We have seen several of these attacks that appear to come from one of our principals, asking things like “Are you around?” If it fools the victim, he or she is coaxed into providing confidential information, often on a scam website. Sometimes malware is also downloaded onto the victim's computer. Spear phishing is a term for a type of attack that targets one specific, high-profile individual.
Again, Gmail makes it very easy to report phishing! If you click on the three dots in the upper right of a message, in addition to spam you have an option to “Report phishing”. It’s very important to mark these malicious phishing attack emails as such, because in addition to giving Google reports of the offenders, the Minnehaha tech team will also get the report allowing us to manually block the sender ourselves.
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Note: If you're using classic Gmail, click the Down arrow .
- Click Report phishing.
Some quick stats
- 62% of organization phishing simulations captured at least one user’s credentials
- 27% of advanced email attacks are being launched from compromised email accounts
- 95% of all attacks on enterprise networks are the result of successful spear phishing
- Avoid strangers, check name and email address
- Don’t rush, be suspicious of emails marked “urgent”
- Notice mistakes in spelling and grammar
- Beware of generic greetings, “dear sir/ma’am”
- Don’t be lured by incredible “deals”
- Hover over the link before you click to ensure it has a secure URL (https://)
- Never give out personal or financial information based on an email request
- Don’t trust links or attachments in unsolicited emails