Many customers ask us what the difference is between phishing and malware.
When a phishing email gets through, we are also often asked how this can happen when email protection is in place.
Unfortunately, the biggest threat today is PEOPLE/USERS. Why? Because people often click links and enter passwords on bad or non-genuine websites.

How does email get past the email protections?

This often happens because a “good” domain has been compromised, such as that of a supplier or customer of yours, which then sends you a “bad” email. The email contains just a link to their SharePoint or website, where the hackers or scammers induce you to type in your email and password so they can be stolen.
Because the domain is generally safe, these emails get past the protections. We ALWAYS recommend that if you were not waiting for a file or a link from a supplier, customer or someone you know, even if you deal with them daily, you pick up the phone and call to confirm it's legit.
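
As an added example (not code from this article), the Python below runs over a constructed message from a compromised supplier mailbox and shows the receiving server's sender checks (SPF, DKIM, DMARC) all passing while the call-to-confirm advice still applies. The addresses, the `KNOWN_SENDER_DOMAINS` and `SHARING_HOSTS` lists and the `triage` function are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail sent from a real supplier mailbox that has been taken over.
SAMPLE = """\
From: Accounts <accounts@supplier.example>
To: you@yourcompany.example
Subject: Shared document
Authentication-Results: mx.yourcompany.example; spf=pass smtp.mailfrom=supplier.example; dkim=pass header.d=supplier.example; dmarc=pass header.from=supplier.example
Content-Type: text/plain

Please review: https://supplier-example.sharepoint.com/:b:/s/docs/constructed
"""

KNOWN_SENDER_DOMAINS = {"supplier.example"}  # assumption: domains you deal with regularly
SHARING_HOSTS = ("sharepoint.com",)          # assumption: file-sharing hosts worth flagging


def triage(raw, expected):
    """Summarise one plain-text message; `expected` = were you waiting for this file/link?"""
    msg = message_from_string(raw)
    # Sender-authentication verdicts recorded by the receiving mail server.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    auth_pass = all(verdicts.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Hosts of every link in the body, reduced to those on a file-sharing service.
    hosts = [h.lower() for h in re.findall(r"https?://([^/\s]+)", msg.get_payload())]
    sharing = [h for h in hosts if any(h == s or h.endswith("." + s) for s in SHARING_HOSTS)]
    return {
        "auth_pass": auth_pass,
        "known_sender": sender_domain in KNOWN_SENDER_DOMAINS,
        "sharing_links": sharing,
        # A passing check proves which domain sent the mail, not who was at the keyboard,
        # so an unexpected link is confirmed by phone whatever the filter decided.
        "verify_by_phone": bool(sharing) and not expected,
    }


if __name__ == "__main__":
    print(triage(SAMPLE, expected=False))
```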

What is phishing vs malware?

Phishing is a social engineering tactic that uses deceit (fake emails/messages) to trick you into giving up info or clicking links, targeting the person, while malware is malicious software (viruses, ransomware, etc.) designed to damage systems, often delivered through phishing, targeting the computer. Phishing is the delivery method, and malware is the payload, with phishing often setting up the infection.

Phishing

  • What it is: A scam using fake communications (emails, texts, calls) to impersonate trusted sources (banks, companies) to steal personal data (passwords, credit card numbers).
  • Goal: To trick you (the human) into willingly giving up sensitive information or taking an action that compromises security.
  • Example: An email that looks like it’s from your bank asking you to “verify your account” by clicking a link to a fake website.

Malware (Malicious Software)

  • What it is: Harmful software (viruses, worms, Trojans, ransomware) designed to infiltrate, damage, or gain unauthorized access to systems.
  • Goal: To infect the system, steal data, disrupt services, or hold data hostage (ransomware).
  • Example: A virus that silently installs after you open a malicious attachment in a phishing email, then steals your keystrokes.

The Key Difference & Connection

  • Phishing is about deception and manipulation of people.
  • Malware is about infection and damage to software/systems.
  • They work together: A phishing attack is a very common way to deliver malware, making phishing the setup and malware the actual infection.

If you have any further questions, don’t hesitate to reach out to our team for more information.