How to Avoid Phishing: The S.L.A.M. Method
Everyone receives spam emails, usually in annoyingly large amounts. Most of these are easily identifiable as a waste of your time, but some emails hide a more dangerous threat just under the surface. Where spam might be attempting to get you to buy a product or attend a sales event, cybercriminals' #1 tool aims to steal your data, passwords, and personal information.
Phishing is the name of this tool, and gaining access to your private data is its goal. Every day, organizations receive emails claiming to be from vendors, clients, financial institutions, travel agents, and more. Each of these emails hopes you'll open its attachments, click its links, and reply with your sensitive data.
With phishing, there is no way to prevent every dangerous email from entering your mailbox. Thankfully, there’s a powerful tool we can use to detect if an email is hostile. We call it the SLAM method! It stands for Sender, Links, Attachments, and Messages. Let’s learn how we can SLAM phishing emails:
S: Sender
Any time you receive an email, the first thing to check is who has sent it to you. Well, that’s obvious, right? You just look at the name displayed at the top of the message. Don’t be fooled! That display name is not always the same as the email or the real sender. Cybercriminals can easily ‘spoof’ these names (and their profile pictures) to appear as anyone on the internet.
When opening an email, make sure you check the sender’s actual email address instead of just the name. If the email address doesn’t match the name, or you don’t recognize the email, delete the message! Also, be sure to check for any small misspellings in the email address. This is a common tactic because our brains often read over small misspellings in a word.
L: Links
Cybercriminals want your information and one of the easiest ways to get it is through online forms. They might create a fake website imitating your vendor and then send a link to it disguised as vendor communication. Other links might take you to a download page for malware or other malicious sites. With the power of links, we need some tricks for making sure we don’t get caught. Here are three tips for dealing with them:
- Never click links from anyone you don’t know, no matter how legitimate the email may seem!
- Hover your mouse over a link without clicking it, and the actual linked address will be displayed in the bottom left of your email client. Anyone can attach a link and make the text read something totally different, so make sure you check this before clicking on any link!
- When you receive a link to a vendor website, the best practice is to use a search engine to find the vendor’s site or login page on your own. A common trick cybercriminals use is sending falsified password reset links which can appear fully legitimate. If you navigate to the vendor’s site through a search engine and use the password link there, you’ll know you’re really resetting your password and not handing it over to a cybercriminal.
A: Attachments
Attachments are the easiest part of a phishing email to avoid but also the most dangerous, especially since we are so used to receiving them. Word documents, PDFs, and other types of files can harbor hostile code which will silently run when the file is opened. Cybercriminals will often attach files with a request for review or something similar to trick you into opening a file which silently installs malware on your computer. These hostile attachments can install keyloggers, adware, or even ransomware on your computer.
If you don't know the sender and you didn't request a document, don't open any attachments in the email! Unsure if an attachment is legitimate? Reach out to the sender through a previously established communication method (e.g., office phone or fax) to verify the attachment is safe.
M: Message
Finally, when receiving an email, we should always analyze the message. There are several tells cybercriminals leave which can tip us off to a phishing message:
Poor grammar, spelling, or language skills
Cybercriminals rarely speak English as a first language and are frequently from foreign countries, which leads to poor language skills, odd sentence construction, and other issues. If the email has several misspellings, grammatical errors, or unexpected language choices, make sure you use the other aspects of the SLAM method to verify it's legitimate.
High urgency or important requests
While we like to think we’re very logical and reason-driven, cybercriminals know just how easy it is to take advantage of someone using their emotions. If a message is very urgent or has a high level of severity, take a few moments to step back and calm down. Make sure you SLAM dangerous messages like those about your social security score, or password being stolen. It might save you from delivering them straight to a criminal.
Unusual requests
A classic scam is for a cybercriminal to imitate a manager or CEO and ask their staff to purchase some gift cards for an upcoming event. In this scam, the criminal will eventually have that staff person send the gift card codes over email and disappear with the money. To avoid situations like this, always analyze unusual or unexpected requests and verify with the asking party to ensure it is legitimate.
Looking for Surety in your Email Security?
The world of cybersecurity and the threat of cyberattacks like phishing can be almost impossible to manage. How are you supposed to protect your email, train your staff, and respond to potential cyberthreats while also running your business? More importantly, how are you supposed to respond if your critical data, or that of your clients, gets breached? A loss like that can cripple or even destroy your business.
Defending your systems and staff can seem like an impossible task. Luckily, automated email security systems have been developed which can catch spam, phishing emails, malicious attachments, and impersonation emails. These systems can also help you analyze emails, pull identified phishing emails out of your team’s mailboxes, and even train your staff on identifying cybersecurity threats.
If you’re interested in email security, cybersecurity training, or have concerns about your IT, reach out for a free technology consultation. Let’s work together to SLAM your tech problems!