How to Improve Phishing Detection Using the SLAM Method

There is a reason why phishing is usually at the top of the list for security awareness training. It has been the primary delivery method for all types of attacks for the last decade or two. Ransomware, credential theft, database breaches, and more launch via a phishing email.

Why has phishing remained such a significant threat for so long? Imtex states it’s because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example.

If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.

Studies show that phishing detection skills wane as soon as 6 months after training. Employees begin forgetting what they’ve learned, and cybersecurity suffers.

Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification.

What is the SLAM Method for Phishing Identification?

One of the mnemonic devices known to help people remember information is an acronym. SLAM is an acronym for checking an email message’s four key areas before trusting it.

These are:

S = Sender
L = Links
A = Attachments
M = Message text

By giving people the term “SLAM” to use, it’s quicker for them to check suspicious emails. This device helps them avoid missing something important. All they need to do is use the cues in the acronym.

Check the Sender

It’s essential to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing.

The email address domain in this phishing email below is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the actual company’s URL inside their fake one.

fake email

You can see that the email is compelling. It has likely fooled many people into divulging their details. People applying for a credit card provide a Social Security Number, income, and more.

A quick search of the email address reveals it to be a scam. And a trap used in both email and SMS phishing attacks.

fake email 2

It only takes a few seconds to type an email address into Google. This allows you to see if scam warnings indicate a phishing email.

Hover Over Links Without Clicking

Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t have any destructive code. Instead, it links to a place that does.

Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This can often immediately call out a fake email scam.

fake email 3

When looking at email on a mobile device, seeing the URL without clicking on it can be trickier. There is no mouse like there is with a PC. In this case, it’s best not to click the URL. Instead, go to the purported site to check the message’s validity.

Never Open Unexpected or Strange File Attachments

File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar Word document and open it without thinking.

It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.

Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening.

Read the Message Carefully

We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake.

Look at the phishing example posted above in the “Links” section. There is a slight error in grammar in the second sentence. Did you spot it?

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defences against phishing attacks. Contact us today to discuss your email security needs.

The article was used with permission from The Technology Press.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

Related Posts

Free malware ransomware scam vector

Don’t Risk It! Why You Shouldn’t Skip Vulnerability Assessments

Cyber threats are a perpetual reality for business owners. Hackers are constantly innovating. They devise new ways to exploit vulnerabilities in computer systems and networks. For businesses of all sizes, a proactive approach to cybersecurity is essential. One of the most crucial elements of this approach is regular vulnerability assessments. A vulnerability assessment is a

Free cybersecurity lock encryption vector

7 Common Pitfalls When Adopting Zero Trust Security

Zero Trust security is rapidly transforming the cybersecurity landscape. It moves away from traditional perimeter-based security models. In this approach, every connection attempt is continuously verified before granting resource access. 56% of global organizations say adopting Zero Trust is a “Top” or “High” priority. This approach offers significant security advantages. But the transition process presents

a man sitting at a table writing on a notebook

4 Ways Small Businesses Can Leverage Copilot for Microsoft 365

What are some of the key differentiators that can propel small businesses forward? They include efficiency, productivity, and innovation. Microsoft has expanded the availability of one of its most dynamic tools to SMBs. A tool that can be a real game-changer for growth. Copilot for Microsoft 365 is a powerful new addition to the M365