You can’t discuss cybersecurity without talking about phishing. These malicious emails and messages are responsible for a majority of data breaches and malware infections and have been for decades.
Approximately 73% of surveyed organizations have suffered from data breaches that were caused by phishing attacks within the last year. That makes phishing one of the biggest threats that companies are facing to their health and wellbeing.
Part of any good network protection or IT security strategy is keeping your employees well trained on phishing awareness. This includes how to detect phishing attacks and what to do when they receive a suspicious email.
Remembering a list of best practices isn’t always easy, which is why human error is often the cause of a breach. A user will accidentally get fooled by a scam email, reacting before thinking, and end up unleashing malware throughout the company network.
If you’ve been struggling with a better way to train employees on how to spot phishing emails, try the SLAM method.
This approach uses an easy-to-remember acronym that teaches users the places to look in an email that is either unexpected or comes from an unknown source to check for phishing.
SLAM stands for:
Here’s how you can use this acronym to sharpen the phishing detection skills of your team and reduce your risk of falling victim to a cyberattack.
Check These Areas of an Email for Potential Phishing Scams
The name you see as the sender of a message might not be who it’s from at all. It’s important to look carefully at the “From” line of a message, looking past the plain text name that may be displayed.
Scammers can spoof email addresses, using a domain you recognize when the email wasn’t sent from that domain. They will also use slight misspellings in the domain name to fool a user who is only giving the email address a brief glance.
For example, they may use “micosoft.com” (missing the “r”) instead of “microsoft.com.”
Things you should do to thoroughly check out the sender:
- Review the address carefully for typos
- Check the message source code to display the path of the message (if sent from another email address, it will show up here)
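As an added example (not part of the original article), the two sender checks above can be automated for a message a user reports. This Python sketch flags a From domain that is a near miss of a trusted one and a Reply-To or Return-Path domain that differs from it; the trusted list, the distance threshold of 2 and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization expects mail from.
TRUSTED = ("microsoft.com", "amazon.com")

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Microsoft Support" <support@micosoft.com>
Reply-To: helpdesk@mailer.example.net
Return-Path: <bounce@mailer.example.net>
To: user@example.org
Subject: Action required

Please review your account.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_sender(raw):
    """Return a list of findings about the sender headers of a raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Look past the display name: compare the real domain to trusted ones.
    for good in TRUSTED:
        if from_dom != good and 0 < edit_distance(from_dom, good) <= 2:
            findings.append(f"lookalike domain: {from_dom} resembles {good}")
    # Headers from the message source that show where replies and bounces go.
    for hdr in ("Reply-To", "Return-Path"):
        other = domain_of(msg[hdr])
        if other and other != from_dom:
            findings.append(f"{hdr} domain {other} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sender(SAMPLE)))
```

A differing Return-Path is a signal for review rather than proof, since legitimate bulk mail is often sent through a third-party mail service.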
Hyperlinks are now the preferred way to get users to take action on an email because they can often get past antivirus programs.
You should always hover over any links in a message without clicking on them to reveal the true URL. And remember that links can be hidden behind images like buttons. They can also be hidden behind text that appears to be a legitimate URL, but when hovering, it’s something completely different.
If you see a link on a social media message or SMS that is shortened, don’t trust it if you don’t know the sender and haven’t verified that the message is legitimate.
It’s also a good idea to avoid email links when possible and instead go to a website directly to check your account for any activity the email is noting.
You should never open email attachments from unknown senders or when you get an unexpected or curious message from a sender you know.
Email accounts can be hacked, and within minutes of hacking an account, scammers will often use a software program that sends phishing messages to that user’s contacts from the compromised account.
Unless you’ve verified the attachment, do not open it. It’s also vital to use software systems that can scan potentially malicious attachments for malware.
Remember that even innocent-looking files like PDFs can be loaded with malware, so no file is safe to open unless it has been verified.
Phishing emails have definitely become harder to spot because they use the logos and signatures of popular sites. But you can often still spot a fake if you review the message thoroughly.
For example, let’s look at this phishing email that we shared earlier. At first glance, if you haven’t hovered over the URL, it appears to be a legitimate Amazon order email. But look a little closer.
There is a typo in the second sentence that says, “We confirmation that your item has shipped.” instead of “We confirm that your item has shipped.” This is a grammar mistake that a company like Amazon would most likely not make.
Review the message completely and look for things like:
- Grammatical errors
- Words or references that don’t make sense
- Old dates on copyright notices in signatures
Need Better Email Phishing Protections?
Texas I.T. Pros can help your Denton or Wise County business put stronger phishing protections in place, such as DNS filtering to block malicious links and email filtering to keep dangerous messages out of user inboxes.
Contact us today to learn more! Call 940-239-6500 or reach out online.