There is a reason why phishing detection is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email.
Why has phishing remained such a significant threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. For example, they use AI-based tactics to make targeted phishing more efficient.
If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.
A recent report by SlashNext revealed a 341% increase in malicious emails, and AI has substantially contributed to this number.
Studies show that phishing detection skills wane as soon as six months after training. Employees begin forgetting what they’ve learned, and cybersecurity suffers as a result.
Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing detection.
What is the SLAM Method for Phishing Detection?
One of the mnemonic devices known to help people remember information is the acronym SLAM, which refers to four key areas of an email message to check before trusting it.
These are:
S = Sender
L = Links
A = Attachments
M = Message text
By giving people the term “SLAM” to use, it’s quicker for them to check suspicious emails. This device helps them avoid missing something important. All they need are the cues in the acronym.
Check the Sender
At IT Acceleration, we believe it’s important to check the sender of an email thoroughly. Often, scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing.
The email address domain in this phishing email below is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you: by putting the real company’s URL inside their fake one.
You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more.
A quick search of the email address quickly revealed it to be a scam. And a trap used in both email and SMS phishing attacks.
It only takes a few seconds to type an email address into Google. This allows you to see if scam warnings indicate a phishing email.
Hover Over Links Without Clicking
Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code. Instead, it links to a site that does.
Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam.
When looking at email on a mobile device, seeing the URL without clicking on it can be trickier. There is no mouse like there is with a PC. In this case, it’s best not to click the URL. Instead, go to the purported site to check the message’s validity.
Never Open Unexpected or Strange File Attachments
File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar Word document and open it without thinking.
It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.
Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening.
Read the Message Carefully
We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake.
Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it?
It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These errors can be hard to spot but are a big red flag that the email is not legitimate.
Get Help Combatting Phishing Attacks
Both awareness training and security software can improve your defenses against phishing attacks. Contact IT Acceleration today to discuss your email security needs.
This article is used with permission from The Technology Press.