University Information Services at Georgetown University

Preventing Spam: What is Spam, Spoofing, and Phishing?

What is Spam?

Spam is commonly defined as unsolicited bulk e-mail messages. The proliferation of spam has become an extraordinary nuisance for web users. A recent survey in April 2005 found that 28% of users with a personal e-mail account say they are 'getting more spam than a year ago', while 52% consider spam to be a 'big problem'. Georgetown University has experienced a dramatic rise in spam e-mail traffic, and complaints to the UIS Help Desk have increased significantly over the past year.

Types of Spam

Basically there are two types of spam, intentional and unintentional. Intentional spam comes from spammers who are soliciting products or attempting to commit fraud. Unintentional spam originates from computers that are infected with a virus or worm that activates e-mail distribution processes in the background. The virus or worm attempts to send bulk messages from the infected computer without the awareness of the computer owner.


What is Spoofing?

Spoofing occurs when the sender of an e-mail message pretends to be someone else. Spoofing is often used by spammers, and it's easy to do. Spoofing can be accomplished by changing your "FROM" e-mail address.

E-mail spoofing may occur in different forms, but all have a similar result: a user receives e-mail that appears to have originated from one source when it was actually sent from another source. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as a password.
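
The mismatch described above can be checked in a message's full headers. The following is an added example, not part of the original UIS page: it compares the domain in the visible "FROM" address with the Return-Path and Reply-To headers. The sample messages, addresses, and the function names `domain_of` and `spoofing_indicators` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real e-mail): the visible From address claims
# one domain while the envelope sender and Reply-To use another.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Account Services" <service@bank.example.com>
Reply-To: collect@mailer.example.net
To: user@example.edu
Subject: Please update your account

Click the link to update your account.
"""

# Constructed sample in which all sender headers agree.
SAMPLE_CONSISTENT = """\
Return-Path: <news@lists.example.org>
From: Newsletter <news@lists.example.org>
To: user@example.edu
Subject: Monthly update

Hello.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def spoofing_indicators(raw_message):
    """List headers whose domain disagrees with the visible From domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    if from_domain is None:
        return ["From header missing or unparseable"]
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        # Exact comparison: a subdomain of the From domain also counts as different.
        if other is not None and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    return findings
```

A mismatch is an indicator rather than proof of spoofing, since mailing lists and bulk-mail services legitimately send on behalf of other domains, and matching headers do not prove a message is genuine.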

More information about spoofing is available here.


What is Phishing?

Phishing is a special type of spam that is intended to trick you into entering your personal or account information for the purpose of breaching your account and committing identity theft or fraud.

In a typical Phishing scenario, a false e-mail message is delivered to you. The e-mail appears to come from a legitimate source (see spoofing above), but it's actually a scam. The message may contain a legitimate corporation's logo, and appear to be sent from the corporation's e-mail address. The message may ask you to click a link in the message to update your account, or run a software program to upgrade your computer.

Although the message looks legitimate, it is really trying to compel you to submit your personal and confidential information, which will be used to steal your credentials. Normally you are asked to enter information such as your name, date of birth, place of birth, social security number, mother's maiden name, bank account number, and bank account PIN.

AOL, Yahoo, MSN, Hotmail, Earthlink, Citibank, eBay, and PayPal have all been the subjects of phishing scams. Tips for spotting phishes, viruses, or otherwise fraudulent unsolicited e-mail are reprinted here from UIS's How to Protect Your Computer web page. You can also check Symantec's Hoaxes web page to determine if an e-mail is legitimate.

Examples of Phishing

The PayPal scam (below) and the Nigerian 419 Fraud scam are good examples of Phishing. We recommend that you forward any suspected phishing e-mail with full headers to spam@uce.gov.

