Phishing Detection Can Be Improved by the SLAM Method

In May 2021, phishing attacks increased by 281%. One month later they increased by another 284%.

Studies show that just 6 months after training, phishing attack detection skills begin to decline. Employees start to forget what they have learned and cybersecurity suffers.

Do you want to give your staff a “hook” to remember what they have learned? Introduce the SLAM phishing detection method.



SLAM Method for Phishing Identification

One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message that you should check before trusting it.

These are:

S = Sender

L = Links

A = Attachments

M = Message text

Giving people the term “SLAM” lets them check suspicious emails more quickly. It also helps them avoid missing something important. All they have to do is use the clues in the acronym.


Check the Sender First

It is important to check the sender of an email thoroughly. Often, fraudsters either forge an email address or use one that looks the same. People often mistake a fake address for the real one.

In this phishing email below, the email address domain is “”. The scammer is impersonating Bank of America. This is one of the ways that scammers try to trick you: by inserting the URL of the real company into the fake address.

Picture 1A

The email looks so convincing! It has probably enticed many people to give away their personal information. People applying for a credit card give a national insurance number, their income and more.

A quick search of the email address quickly exposes it as a scam, and as a trap used in both email and SMS phishing attacks.

Picture 1B

It only takes a few seconds to type an email address into Google. That way you can see if any scam alerts pop up that indicate a phishing email.


Hover Over Links Without Clicking

Hyperlinks are often used in emails. They can often bypass antivirus/antimalware filters. These filters look for file attachments that contain malware. But a link to a malicious website does not contain dangerous code. Instead, it links to a page that does.

Links can be in the form of linked words, images and buttons in an email. When you are on a computer, it is important to hover over links without clicking on them to see the true URL. This can often expose a fake email scam immediately.

Picture 1C

If you are viewing an email on a mobile device, it may be more difficult to see the URL without clicking on it, because there is no mouse as with a PC. In this case, it is best not to click on the URL at all. Instead, go directly to the website of the purported sender to check the validity of the message.


Think Twice Before Opening Unexpected or Strange File Attachments

File attachments are still commonly used in phishing emails. They may be attached to messages promising a large purchase order. The recipient may see a familiar Word document and open it without thinking.

It is becoming increasingly difficult to know which file formats not to open. Cybercriminals have become increasingly adept at infecting all kinds of documents with malware. There have even been PDFs with embedded malware.

Never open strange or unexpected file attachments. Use an antivirus/antimalware application to scan all attachments before opening them.

Don’t Forget to Read the Message Carefully

As technology has advanced, we have become good at scanning texts. This helps us to quickly process a large amount of information we receive every day. But if you read through a phishing email in a hurry, you may miss some telltale signs that it is a fake.

Take a look at the phishing example you’ll find in the links section above. There is a small grammatical error in the second sentence. Have you spotted it?

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” This type of error can be difficult to spot but is a clear sign that the email is not legitimate.


Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact OnyxIT today to discuss your email security needs.


Article used with permission from The Technology Press.