What’s the difference between spam and phishing?

Spam is unsolicited **bulk email**, typically commercial but sometimes malicious. The primary characteristic is unwanted volume: recipients didn't request it and don't want it. Spam wastes resources and annoys recipients but isn't necessarily dangerous.

Phishing is deceptive email attempting to steal information or enable fraud. Phishing impersonates trusted entities, creates urgency, and directs recipients toward malicious outcomes: **credential theft**, financial fraud, or **malware** installation.

Key difference: spam wants your attention; **phishing** wants to harm you. Spam is a nuisance problem solved by filtering. Phishing is a security threat requiring detection, prevention, and user education. Some messages are both (unsolicited **phishing** campaigns), but the categories address different concerns.