What is spam? Definition, types, and prevention

What is spam?

In digital communication, spam refers to emails, messages, or texts that are unsolicited and sent out in bulk. Advertisers use spam emails to push their products and services, hoping that a large reach will result in sales. However, hackers also use spam to distribute phishing emails and malware, which is where spam turns from annoying to dangerous.

What does “spam” stand for?

People often joke that “spam” stands for “stupid, pointless, annoying message,” but it’s not actually an acronym. The term comes from a specific pop culture reference that perfectly describes the nature of unwanted junk mail.

History of spam

The term “spam” originated from a 1970 episode of Monty Python’s Flying Circus sketch comedy show. In the sketch, a couple tries to order breakfast at a café, but every item on the menu contains the canned meat SPAM. As the couple tries to order, a group of Vikings drowns out the conversation by repeatedly singing, “SPAM, SPAM, SPAM.”

This concept of inescapability translated to the digital world. In early chat rooms and online games, users would flood conversations with repetitive text to drown out other participants, much like the Vikings in the sketch. This behavior mirrored the repetitive nature of the word “spam” in the comedy bit, and the name stuck.

While the name is modern, the practice is old. The first recorded instance of spam occurred in 1864 when a dentist sent a mass telegram to British politicians advertising teeth whitening. The first email spam appeared in 1978 on ARPANET, promoting computers.

Over time, the term “spam” came to be associated with any kind of unwanted, repetitive online content, especially unsolicited emails sent in bulk.

Spam vs. phishing vs. scam

It’s important to understand the differences between spam, phishing, and scams because, while they often overlap, they refer to different concepts.

• Spam is simply unsolicited, bulk digital communication. While annoying, spam is not always malicious. It may just be an unwanted advertisement.
• Phishing is a malicious technique where cybercriminals, disguised as a legitimate source (like a bank), send suspicious messages to steal sensitive data, such as passwords or credit card numbers.
• Scam is a broad term for any fraudulent scheme designed to cheat you out of money. Phishing is a type of scam, but not all scams are phishing.

Types of spam 

Spam is ever evolving and has taken on many forms. Let’s explore some of the most common types of spam that you might encounter in your daily life.

Email spam 

Email spam is the most common form of junk mail. It clogs inboxes with unsolicited advertisements, newsletters you never signed up for, and sometimes threats such as phishing and malware.

Email spoofing

Email spoofing is sending emails with a forged sender address. These messages often appear to come from someone you know or trust — like your bank, a popular clothing brand, or your boss. The purpose of these emails ranges from stealing personal information to spreading malware like trojans.

Email spoofing is particularly dangerous because it mimics a source you trust to trick you into lowering your guard. If the attacker puts in enough effort, the message may lack obvious red flags, which makes knowing how to spot phishing emails critical.

Malware spam (malspam)

Malware spam, or malspam, is a type of email spam that attackers use to distribute malware through email. These emails typically include attachments or links that download malicious software to your device when you click them. Malspam is still the most effective and popular way to deliver threats ranging from spyware to ransomware.

Research on malware linked to stolen bank card details revealed that cybercriminals often use malware to steal much more than just payment card information. In fact, 99% of stolen card records also included additional data, such as the victim’s name, computer files, and saved credentials.

PRO TIP: To stay safe, never click on attachments or links from unknown sources unless you can independently verify their legitimacy.

Spam calls 

Spam has moved beyond your inbox to plague your phone, too. Spam calls often involve unsolicited promotions, fake warnings, or phishing attempts to trick you into revealing sensitive information. Phone spam is annoying but also potentially dangerous if it’s part of a larger attack meant to steal your money or data.

What is “spam risk”?

When your phone rings, you might see labels such as “spam risk,” “scam likely,” or “potential spam” on your caller ID. Mobile carriers use these labels to warn you that the number has a history of suspicious activity, such as making thousands of short calls or being reported by other users. Your carrier uses network filters to spot these patterns and alert you. In most cases, you should let these calls go to voicemail.

Robocalls

Robocalls are phone calls that use a computerized autodialer to deliver a pre-recorded message. While some are legitimate (like appointment reminders), scammers use them to target thousands of potential victims at once with unsolicited offers.

PRO TIP: Consider NordVPN’s Call Protection. Available with select plans for Android users in the US, Canada, Japan, and the UK, this feature flags potential scam calls before you answer. The feature screens incoming numbers and displays a clear warning, helping you decide whether to decline the call or send it to voicemail.

Text message spam

SMS spam arrives as an unsolicited alert on your phone. While often just annoying advertisements, these texts can also be malicious attempts known as smishing (SMS phishing). Scammers often use fake urgency — claiming you missed a package delivery or have a bank alert — to trick you into clicking a dangerous link.

Social media spam 

Social media spam appears in comments, direct messages, and public posts. Spambots, malicious actors, and opportunists use these channels to spread irrelevant links, scams, or excessive self-promotion. In many cases, this type of spam is the delivery vehicle for dangerous social media scams designed to steal your data or money.

What is a spam account?

A spam account is a user profile on a social media platform created specifically to distribute spam. These accounts are often fake or hijacked from real users. They may follow thousands of people, post automated comments, or spread misinformation to boost visibility for a specific hashtag or scam site.

Common spam scams

While some spam is just annoying advertising, much of it is malicious. Scammers often use specific narratives — like winning a prize or fixing a computer virus — to trick people. Be on the lookout for these common schemes.

Sweepstakes and lottery scams

Emails or messages that falsely claim you have won a sweepstakes or lottery remain prevalent. These unsolicited messages usually ask for personal information or a processing fee to “release” your prize. This classic trick plays on excitement to dupe people out of their money.

Tech support scams

Tech support scams are insidious. Scammers pose as support agents from major companies like Apple or Microsoft and claim your computer has a virus. They then demand remote access to your device or payment to fix the non-existent problem. You should always view unsolicited tech support offers with suspicion.

Money transfer scams

In money transfer schemes, scammers promise large returns for a small upfront investment or ask for help transferring large sums of money in exchange for a cut. These scams exploit greed and trust, often leading to significant financial loss. The infamous Nigerian prince scam falls under this scam category.

How to identify spam

The clearest sign of spam is that it’s unsolicited — you receive messages you never asked for, often in large numbers from the same sender. While this is annoying, you also need to spot the difference between harmless junk and dangerous threats. Look for these red flags to identify malicious spam:

1. 1.Requests for sensitive data. Legitimate organizations will never ask you to reply with passwords, 2FA codes, or credit card numbers through email or text message.
2. 2.Too-good-to-be-true offers. If you didn't enter a contest, you didn't win it. Be skeptical of free gifts, surprise inheritances, or lottery wins.
3. 3.Fake urgency and threats. Scammers use social engineering — psychological manipulation techniques — to make you panic. They use phrases like “immediate action required” or “unauthorized login attempt” to trigger fear, forcing you to act without thinking.
4. 4.Suspicious sender addresses. Even if the Amazon logo looks legit, check the actual sender’s email address in the “From” field. An email from Amazon Support should not come from an address that ends in “gmail.com.”
5. 5.Contextual mistakes. Getting a “delivery failed” text when you haven't ordered anything or a bank alert for a bank you don't use is a major red flag, no matter how professional the message looks.
6. 6.Mismatched or shortened links. Hover over links (without clicking) to preview the destination. Be especially wary of shortened URLs (like bit.ly) in text messages because they mask the real website address.
7. 7.Generic greetings. While sophisticated scammers now often use your real name, a generic greeting can still be a red flag. However, this alone doesn't prove a message is fake — look for other warning signs to confirm your suspicions.
8. 8.Poor design and spelling errors. If an email contains typos, low-quality logos, or broken sentences, it’s almost certainly malicious. While scammers now use AI to polish their content, sloppy mistakes are still a dead giveaway.

Examples of spam messages

Below, find examples of what spam emails and texts often look like.

“You won the lottery!”

A blurry or misplaced logo, default fonts, and random colors suggest that the email above is malicious spam. The dead giveaway is that you never participated in a lottery — because there never was one.

“Suspicious activity detected on your account”

Account suspension emails are designed to make you panic and act without thinking. Never click a link inside the message. Instead, open a new tab and log in to your bank account directly. If you are still unsure, call your bank using the number on the back of your card — not the one inside the email.

A package you didn’t order

Fake package scams are especially effective during the holiday season, when people place many orders and lose track of deliveries. Always be wary of text messages from random numbers claiming a delivery failed. Instead of clicking the link to reschedule, visit the courier's official website and enter your tracking number manually.

Why are you receiving spam?

If you want to protect yourself against spam, it helps to know how you became a target. Spammers rely on massive lists of active contact details, which they acquire through data harvesting, leaks, and trading.

Here are six common ways spammers get your email address or phone number:

1. 1.Your email address was sold. Unethical website owners sometimes sell their customer lists to marketers or scammers for quick profit. Additionally, criminals can buy massive lists of stolen email addresses on the dark web.
2. 2.You signed up for a “free” service. Some products or services are free of charge as long as you provide your contact details. In these cases, the price you pay is your email address.
3. 3.A web spider stole your information. Spammers use automated programs called web spiders (or harvest bots) to crawl websites and scrape any email addresses or phone numbers they find published online.
4. 4.Spammers traded your information. Spammers trade their sources, so your details can stay in circulation for years.
5. 5.Your details were leaked. Massive database breaches often expose millions of email addresses at once.
6. 6.Your device was (or still is) infected. Malicious software can scan your computer or smartphone to steal your entire contact list. Spammers then use these details to target your friends and family. If you notice signs of malware, such as your device running slower than usual or crashing, run a virus scan to be safe.

To stay safe in the future, consider NordVPN’s Threat Protection. This feature blocks malicious websites and phishing links before they can load, which helps stop accidental clicks from turning into nasty malware infections.

How to stop spam

Stopping spam starts with better habits. Follow these steps to reduce spam messages and protect your information from falling into the wrong hands.

Use spam filters and manage your spam folder

Most email providers have built-in filters that automatically block junk mail. You can improve these filters by creating custom rules — if you notice specific keywords aimed at you, add them to your blocklist.

Behind the scenes, these email filters use advanced technology to protect your inbox:

• Machine learning. Filters now use AI to study billions of messages. They learn to spot new tricks and hidden patterns that simple rules might miss.
• Bayesian filtering. This method calculates the probability that a message is junk based on its content. Instead of just flagging keywords like “free,” it compares the words in your email against a known database of confirmed spam.

Finally, check your spam folder periodically. Sometimes legitimate mail gets caught by mistake. Marking a real email as “not spam” helps train the filter to be more accurate in the future.

Report and block spam

Don’t just delete spam emails — report them. Major providers like Gmail have a “Report spam” button in the toolbar. Reporting spam helps train filters to detect spam in the future and allows your email client to protect other users.

You should also block suspicious senders rather than unsubscribe from them. Clicking the “Unsubscribe” link on a malicious email verifies that your account is active, which leads to more spamming. Save the unsubscribe button for legitimate newsletters you no longer want to receive. Never use it for potential phishing emails.

Protect your personal information

The simplest solution is often the most effective. Stop giving your email address and phone number to every online service or store that asks for them. Once your data is out of your hands, it can end up on any mailing list.

If you must share your email address, create a disposable one. Use a burner email address to sign up for services from less-trusted providers. Even if the company you’re giving your address to is trustworthy, it‘s still vulnerable to hacks and data breaches.

Finally, consider using Incogni, a data removal tool that scrubs your personal data from broker sites. Data brokers often collect and sell your phone number to robocall centers. Incogni contacts these brokers, demands that they remove your data, and ensures they comply.