Be Afraid...Be Very Afraid
Just kidding about the title, but you raise a very serious and real question about a problem that a lot of people are trying to combat. The discussion grows every day in the private as well as public arenas. There's really no clear, definitive answer as to what works best, as the bad guys are working overtime. Ironically, even the so-called "good guys" help to proliferate the problem, as I will touch upon later.
The lines separating Spam from Phishing are blurred. See the similarity by definition:
Spam: Also known as junk mail or unsolicited bulk email. Involves nearly identical messages sent to numerous recipients. Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books and are sold to other spammers. There is a practice known as "email appending" or "epending" that uses known information (such as postal address) to search for a target email.
Phishing: An attempt to acquire information such as usernames, passwords, credit card details by masquerading as a trustworthy entity in an electronic communication. Usually carried out by email spoofing or instant messaging. Communications purporting to be from popular social websites, auction sites, online payment processors and the like.
In short...Phishing can morph into Spam and Spam can morph into Phishing.
Forms of protection from Spam and Phishing come in a plethora of varieties. Just to name a few:
1. Passive protection in programs like Outlook, Mail (Mac OS X), Eudora, Gmail, Yahoo Mail and others that allow you to set filters, rules, block addresses and block ISPs (xxx.com).
2. Passive protection found in web browsers (IE9, Firefox, Chrome, Safari (via App Store), Opera, etc.) that use a community-based rating system to warn against suspicious sites.
3. Active Protection found in Internet Security Suites (too many to name, like Norton, Eset, TrendMicro, etc.) with email filtering tools.
4. Active Protection found in Spam and Phishing protective services like Barracudanetworks.com or Secureworks.com and the list goes on.
However, use of any preventive product or service is of little help if the user doesn't practice safe computing. Here's a short list:
1. Watch out for "phishy" emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency.
2. Don't click on links within emails that ask for your personal information.
3. Beware of "pharming." In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you're taken to a fake copy of the site without realizing it.
4. Never enter your personal information in a pop-up.
5. Only open email attachments if you're expecting them and know what they contain.
6. Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
7. If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal
8. Job seekers should also be careful. Some phishers target people who list themselves on job search sites.
9. Report phishing, whether you're a victim or not. Tell the company or agency that the phisher was impersonating.
10. Take action immediately if you've been hooked by a phisher. If you provided account numbers, PINs, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a "fraud alert" on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.
When shopping online at legitimate sites (the "good guys"), be careful and look for boxes that are pre-checked for you to receive offers and/or communications from them or their partners. Be sure to uncheck the boxes and opt out if you don't want to receive any communications. Even legitimate retailers count on you not unchecking the boxes to opt out.
Lastly, this is worth repeating again:
Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date.
Thanks for letting me chime in on this subject!