Phishing and malware attacks use quite different tactics although both have the goal of stealing your personal and financial information and/or gaining access to your accounts.

In a phishing attack, the scammers want you to click a link or open an attached file and supply personal information such as account login credentials and credit card details. Typically, you will be taken to a fake website that is designed to emulate a genuine bank or company webpage and asked to supply your details.

The criminals will then use this information to hijack your account and conduct fraudulent activities. They may:

• Steal your money
• Conduct banking or credit card fraud
• Steal your identity
• Use your accounts to launch further scam and spam campaigns

Malware is short for ‘malicious software’.  As with phishing, malware messages typically try to trick you into clicking links or opening attached files.

However, instead of asking you to provide your personal information directly, clicking the link or opening the attachment may install malicious software on your computer without your knowledge.

Typically, this malware can collect sensitive information such as passwords and usernames from your computer and send it to criminals. It may also download and install further malware.

And, the malware may join your computer to a ‘botnet’.  A botnet is a large collection of infected computers that criminals can control from afar. Botnets are often used to conduct spam and scam campaigns. For example, a botnet may be used to send phishing scam emails to hundreds of thousands of potential victims.

Thus, phishing and malware attacks are different but related tools in the online criminal’s toolkit.