According to the Cybersecurity and Infrastructure Security Agency, 80% of businesses had at least one employee fall victim to simulated phishing attacks in 2022. While it’s good that these weren’t real phishing scams, it only takes one employee to put themselves and your business in danger. Phishing attacks happen when a cybercriminal sends a scam message with malicious links and/or attachments. Their goal is to get the user to divulge sensitive information or install harmful software that spreads their virus.
Phishing emails can cost victims dearly, stealing their passwords, personal information, and even their identity. Luckily, phishing attacks are easy to spot if you know what to look for. SLAM stands for sender, links, attachments, and messages. By focusing on these four aspects of an email, you can determine if it’s a threat and act quickly to protect yourself and your business.
Sender
The first component you should check on every email is the sender’s address. Phishing email addresses will often have misspellings or odd characters in them so be sure to read the sender’s information carefully. Cybercriminals will try to make their phishing attacks look credible and pose as your bank or another financial institution. If you do receive an email claiming to be from one of these sources, examine the sender’s address carefully. If it looks fake or doesn’t match the address from previous trusted communications from this institution, then it likely isn’t safe.
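The sender check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article; the trusted domain, brand name, threshold and sample headers are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: domains verified from earlier trusted mail, mapped to the
# brand name as it appears in display names. Values are constructed.
TRUSTED = {"examplebank.com": "example bank"}

def check_sender(from_header, threshold=0.85):
    """Return warnings for a From: header; an empty list means nothing looked off."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["address could not be parsed"]
    domain = addr.rsplit("@", 1)[1].lower()
    # Exact match or a subdomain of a trusted domain is accepted.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return []
    warnings = []
    # Odd characters: non-ASCII or punycode-encoded labels.
    if not domain.isascii() or "xn--" in domain:
        warnings.append("internationalized domain, possible look-alike characters")
    for trusted, brand in sorted(TRUSTED.items()):
        # Misspellings: nearly identical to a trusted domain, but not equal.
        if SequenceMatcher(None, domain, trusted).ratio() >= threshold:
            warnings.append(f"domain resembles {trusted}")
        # Display name poses as the brand while the address is elsewhere.
        if brand in display.lower():
            warnings.append(f"display name claims {brand} but domain is {domain}")
    return warnings

# Constructed headers for illustration.
SAMPLES = [
    "Example Bank <alerts@examplebank.com>",
    "Example Bank <alerts@examp1ebank.com>",
    "Example Bank <support@unrelated.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```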
Links
Links are how phishing attacks introduce you to malicious software that will steal your information. Don’t open links in an unknown or suspicious email, even if they look legitimate. Cybercriminals know how to disguise these links, using tactics like shortening URLs or placing hyperlinks in a clickable image. One way to check if a link is safe is to hover over it to see if the link is the same as the one displayed in the email. Even if they do match, make sure the link includes “https”, which indicates that the connection to the site is encrypted. Phishing sites can use “https” too, so treat it as one check among several rather than proof that a site is legitimate.
If you do click on a link and it takes you to a website, this doesn’t mean you’re in the clear. Many times, phishing attacks pose as alerts that you need to change your password for a specific account to keep it safe. Cybercriminals will go so far as to build fake websites meant to steal your information. Examine the site before taking any further action, specifically looking for the “https” protocol and professional design qualities.
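The hover check can be done in code by comparing what each link displays with where it actually points. The following is an added example, not part of the original article; the shortener list and the sample email body are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: extend for your environment
# Constructed sample body; the links are made up for illustration.
SAMPLE = """<a href="http://login.examplebank.com.account-verify.test/reset">https://examplebank.com/reset</a>
<a href="https://bit.ly/constructed"><img src="button.png"></a>
<a href="https://examplebank.com/help">examplebank.com/help</a>"""

class LinkCollector(HTMLParser):
    """Record href, visible text and image use for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "img": False}
        elif tag == "img" and self._cur:
            self._cur["img"] = True
    def handle_data(self, data):
        if self._cur:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur:
            self.links.append(self._cur)
            self._cur = None

def host(url):  # accepts bare "example.com/path" text as well as full URLs
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def audit_links(html_body):
    """Return [(href, [warnings])]: what hovering over each link would reveal."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for link in collector.links:
        href, text, flags = link["href"], link["text"].strip(), []
        if urlparse(href).scheme != "https":
            flags.append("not https")
        if host(href) in SHORTENERS:
            flags.append("shortened URL hides destination")
        shown = re.match(r"(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host(shown.group(0)) != host(href):
            flags.append("displayed URL does not match destination")
        if link["img"] and not text:
            flags.append("link is a clickable image")
        report.append((href, flags))
    return report
```

Calling `audit_links(SAMPLE)` flags the first two links and leaves the third, whose displayed host matches its destination, with no warnings.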
Attachments
Phishing attacks won’t always ask you to click on a link; they may instead ask that you open an attachment. Cybercriminals may pose as familiar companies or even a co-worker to convince you to open a file hiding malware. They will also claim these files are invoices, receipts, or other important documents to entice you to open them. Just like links, carefully examine any attachments before you download them. If the file extension or name is unfamiliar or strange looking, do not open it and delete the email. You should also never open attachments from unknown senders as they are most likely to be malicious.
Messages
The actual message of a suspected phishing email can also help you determine if a cybercriminal is after your information or not. Phishing attacks prey on their victim’s emotions to get them to act quickly. These emails will create a sense of urgency, telling recipients to act now. If people feel rushed to make a decision, they are less likely to stop and examine the entire email and see that it’s a scam.
In addition to using fear tactics, there are other signs to look for in email messages that could indicate a phishing attack. Carefully read the email and look for bad grammar, misspellings, or suspicious requests. Reputable businesses should never ask you to disclose personal information over email. This is a huge indicator that a cybercriminal has you in their sights.
Report
You’ve used the SLAM method and discovered an email was actually a phishing attack. Now what? Report all phishing attacks to your IT team immediately. If you’re being targeted, it’s likely others around you are too. You should also report phishing attacks to the FBI’s Internet Crime Complaint Center to help keep others outside of your organization safe.
After you’ve let the cybersecurity experts know about the phishing attempt, delete the suspicious email to prevent accidents. And while you haven’t provided cybercriminals with your information, it would still be a good idea to set up multi-factor authentication to ensure hackers can’t get into your account even if they have your password. This way anytime someone tries to log into your account, you are sent a secure code to verify it’s really you trying to access your information.
You Are the First Line of Defense Against Phishing Attacks
Email phishing attacks don’t just threaten your personal information, but your entire company as well. And with cybercriminals getting better at tricking recipients into disclosing sensitive data, it’s important to learn and use the SLAM method to protect yourself. Carefully examine the sender address, links, attachments, and messages of all emails you receive to determine if they are legitimate and safe.
Stopping cybercriminals from stealing important information means you have to be vigilant and on the lookout for potential threats. Strategy IT can help monitor your practice for cyberattacks and train your team to act as the first line of defense against threats. Book a conversation and strengthen your cybersecurity today.