What is phishing and spoofing?

Phishing and spoofing are terms that are often used interchangeably. They are not the same, and as a business owner, it’s important for you to know what’s at stake should your laptop, PC or entire network become the target of either type of attack.

Differences Between Phishing and Spoofing

There is a misconception that phishing and spoofing are the same, based on nothing more than aesthetic similarities. Phishing and spoofing are different beneath the surface. One downloads malware to your computer or network, and the other tricks you into giving up sensitive financial information to a cyber thief. Phishing is a method of retrieval, while spoofing is a means of delivery.

What Is Spoofing?

Cybercriminals create perfect counterfeits of corporate emails to trick business owners into taking ill-advised actions. An official-looking email from an important service provider instructs you to take precautionary actions to protect your finances or reputation. Corporate logos and other distinctive graphics are easy for hackers to hijack and embed in emails. These professional graphic elements convince users that an impending threat can be suppressed by following the sender’s instructions, which usually entails clicking on a link in the message. In most cases the link executes a malicious file that damages your operating system and critical applications while it propagates throughout your network, placing your clients and vendors at risk.

How Is Phishing Different?

Phishing is a form of spoofing in that it deceives with legitimate-looking messages. Unlike spoofing, a phishing scam usually provides a link to a bogus website where the end-user is required to enter sensitive account information. The site may ask you to provide your social security number, tax ID or bank account information. Releasing this information could result in damage to your assets. Hackers are adept at HTML design and Web programming, so the untrained eye can be easily fooled. Fortunately, for the time being at least, there are a few telltale signs that give these scams away including suspicious URLs and unsolicited attachments.


If you receive a suspicious email, hover over the sender’s address and take careful note of the domain name. Smart hackers purchase a domain name that is a subtle variation of a legitimate URL, so look for minor misspellings. Sloppy hackers give themselves away with a URL that is completely off. Be wary of attached files; financial institutions will rarely, if ever, send these to their customers. If the message has a ".exe," ".scr," "zip" or ".bat" file attached, consider that a red flag and don't open it or follow any instructions. Call your service provider if you suspect an unscrupulous email. Your provider will welcome the information because it gives your financial institution a chance to protect the assets and identities of its customers.

Boats Group Stance on Phishing and Spoofing

If you received a questionable email, please delete it immediately without opening it. 
As always, we are doing everything possible to stop future phishing attacks and our technical safeguards are continuously reviewed, but please take extra caution in reviewing your emails. To protect yourself, remember that YachtWorld, Boat Trader and boats.com do not send randomly-timed invoices via email. You will only receive an email from a specific accounting team member if you’ve been engaging with that person. 
If you receive an email with an invoice attachment from YachtWorld, Boat Trader or boats.com that you are not expecting, please contact our account management team at 866-373-5602 or email the example to reportphishing@boats.com.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.