Phishing continues to be one of the top strategies for hackers looking to access and steal important data. In the past decades, phishing scams have increased their sophistication and frequency. Ransomware, credential theft, database breaches, and more launch via a phishing email or link sent via text.
Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as different technology and programming become more popular. They use AI-based tactics to make targeted phishing more efficient and more frequent.
If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.
In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.
Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they've learned, and cybersecurity suffers as a result.
Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification.
How to Spot a Phishing Link: the SLAM Strategy
One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it.
These are:
S = Sender
L = Links
A = Attachments
M = Message text
By giving people the term “SLAM” to use, it’s quicker for them to quickly check an email they might find suspicious. All someone needs to do is to use the acronym to spot potential security risks via phishing.
Checking the Sender: (S)LAM
It’s important to check the sender of an email thoroughly. Often hackers will use a look-a-like email that might emulate someone in your company but be a few letters off. People often mistake a spoofed address for the real thing.
In this phishing email below, the email address domain is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the real company’s URL inside their fake one.
You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more. It can be difficult for people to understand when to release sensitive information online because it is sometimes necessary for banking or other personal finance reasons.
Doing a quick search on the email address, quickly reveals it to be a scam. And a trap used in both email and SMS phishing attacks.
It only takes a few seconds to type an email address into Google or other web browsers. This search will quickly let you know if the email address has been flagged before as a phishing scheme.
Hover Over Links Without Clicking: S(L)AM
Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. The link itself might be safe but clicking it and being redirected to a site can lead to downloading malware.
Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This way you know where you are being redirected without clicking the link.
When looking at email on a mobile device, it can be trickier to see the URL without clicking on it. There is no mouse like there is with a PC. In this case, it’s best not to click the URL at all. It is better to be safe than sorry.
Never Open Unexpected or Unusual File Attachments: SL(A)M
File attachments are still frequently used in phishing emails. Messages may have them attached, promising a large sale order or some other beneficial deal. The recipient might see a familiar word document and open it without thinking.
It’s getting harder to know what file formats to avoid opening. Cybercriminals have become smarter about infecting all types of documents with malware. There have even been PDFs with malware embedded.
Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening or speak with an IT representative if you're nervous about the attachment.
Read the Message Text Carefully: SLA(M)
We’ve gotten great at scanning through an email quickly as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake.
Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it?
It says, “We Confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate, especially if it's coming from a corporation.
Get Help Combatting Phishing Attacks
Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs.