Spam is annoying; It is defined as email that tries to sell you a product or a service. It is junk mail, much like the junk mail you receive that is delivered by the postal services or distribution services – and goes directly into the trash. Phishing, on the other hand, presents a very different threat. The recipient of a phishing attack could give up sensitive information like personal information, credit card, social security numbers or even username and password combinations.
Others may fall for attacks that insist they download a malicious content that installs a dangerous software or keystroke loggers on their system. I have in my previous role seen organisation receiving messages alerting accounting to perform urgent payouts (from Management) which was cleverly disguised as internal emails.