Phishing Detection Can Be Improved by the SLAM Method
In May 2021, phishing attacks increased by 281%. One month later they increased by another 284%.
Studies show that just 6 months after training, phishing attack detection skills begin to decline. Employees start to forget what they have learned and cybersecurity suffers.
Do you want to give your staff a "hook" to remember what they have learned? Introduce the SLAM phishing detection method.
One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message that you should check before trusting it.
By providing people with the term "SLAM", they can check suspicious emails more quickly. This way they can avoid missing something important. All they have to do is use the clues in the acronym.
It is important to check the sender of an email thoroughly. Often, fraudsters either forge an email address or use one that looks the same. People often mistake a fake address for the real one.
In the phishing email below, the email address domain is "@emcom.bankofamerica.com". The scammer is impersonating Bank of America. This is one of the ways that scammers try to trick you: by inserting the URL of the real company into the fake address.
The email looks so convincing! It has probably enticed many people to give away their personal information. People applying for a credit card give a national insurance number, their income and more.
A quick search of the email address exposes it as a scam, and as a trap used in both email and SMS phishing attacks.
It only takes a few seconds to type an email address into Google. That way you can see if any scam alerts pop up that indicate a phishing email.
Hyperlinks are often used in emails. They can often bypass antivirus/antimalware filters. These filters look for file attachments that contain malware. But a link to a malicious website does not contain dangerous code. Instead, it links to a page that does.
Links can be in the form of linked words, images and buttons in an email. When you are on a computer, it is important to hover over links without clicking on them to see the true URL. This can often expose a fake email scam immediately.
If you are viewing an email on a mobile device, it may be more difficult to see the URL without clicking on it. There is no mouse as with a PC. In this case, it is best not to click on the URL at all. Instead, go to the alleged website to check the validity of the message.
File attachments are still commonly used in phishing emails. They may be attached to messages promising a large purchase order. The recipient may see a familiar Word document and open it without thinking.
It is becoming increasingly difficult to know which file formats not to open. Cybercriminals have become increasingly adept at infecting all kinds of documents with malware. There have even been PDFs with embedded malware.
Never open strange or unexpected file attachments. Use an antivirus/antimalware application to scan all attachments before opening them.
As technology has advanced, we have become good at scanning texts. This helps us to quickly process a large amount of information we receive every day. But if you read through a phishing email in a hurry, you may miss some telltale signs that it is a fake.
Take a look at the phishing example you'll find in the links section above. There is a small grammatical error in the second sentence. Have you spotted it?
It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” This type of error can be difficult to spot but is a clear sign that the email is not legitimate.
Both awareness training and security software can improve your defenses against phishing attacks. Contact OnyxIT today to discuss your email security needs.
Article used with permission from The Technology Press.