Cybersecurity Awareness: How to Spot Phishing Emails Using the SLAM Method
October is Cybersecurity Awareness Month, and it’s the perfect time to brush up on some essential skills to protect yourself from cyber threats. One of the most common and dangerous threats is phishing. Cybercriminals use phishing emails to trick people into revealing sensitive information, such as passwords, credit card numbers, or personal details. A single click on a malicious link can lead to devastating consequences like identity theft or financial loss.
The good news is that you can spot phishing emails more easily by using the SLAM method. This simple yet effective acronym breaks down the key elements you should check when evaluating an email for phishing signs. Let's dive in!
What Is the SLAM Method?
SLAM stands for Sender, Links, Attachments, and Message. By carefully examining these four elements, you can avoid falling for phishing attempts.
1. Sender
Start by checking who the email is from. Phishing emails often come from fake or unfamiliar senders. Here's what to look out for:
Check the sender's email address. Does it look suspicious? Phishers often use addresses that resemble legitimate ones, but with subtle differences (e.g., support@paypai.com instead of support@paypal.com).
Look out for unusual domain names. Trusted companies typically use their official domains (e.g., @bank.com), while phishing emails might come from strange, unofficial domains (e.g., @secure-login.net).
Don’t trust display names. Phishers can manipulate the display name to make the email appear as if it’s from someone you know. Always verify the email address behind it.
2. Links
Links in phishing emails are designed to lead you to fake websites that harvest your information or infect your device. Before clicking any link, follow these steps:
Hover over the link without clicking. This will show you the true URL. Does it match the sender’s legitimate website? Phishers often create URLs that look similar but are slightly altered (e.g., www.g00gle.com instead of www.google.com).
Look for HTTPS. Legitimate sites will use HTTPS for secure connections, indicated by a padlock icon in your browser’s address bar. However, some phishing sites may also have HTTPS, so this alone isn't enough.
Be wary of shortened URLs. Links that use URL shorteners (e.g., bit.ly) can easily mask the true destination. Only click if you're sure of the source.
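The Sender and Links checks above can also be automated. The following Python sketch is an added example, not part of the original article: it flags a sender domain or link domain that imitates a trusted one, and a link whose visible text names a different domain than its real target. The trusted list, the character map, the two-label domain shortcut and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "google.com"}    # assumed allow-list, not from the article
CONFUSABLE = str.maketrans("01i", "oll")  # crude confusables: 0->o, 1->l, i->l

def base_domain(host):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def imitates(domain):
    """Return the trusted domain that `domain` resembles, or None."""
    skel = domain.translate(CONFUSABLE)
    return next((t for t in sorted(TRUSTED - {domain}) if t.translate(CONFUSABLE) == skel), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False   # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append([dict(attrs)["href"], ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def slam_check(raw):
    msg, findings = message_from_string(raw), []
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if imitates(sender):
        findings.append(f"sender {sender} imitates {imitates(sender)}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = base_domain(urlparse(href).hostname or "")  # where the link really goes
        if imitates(target):
            findings.append(f"link {target} imitates {imitates(target)}")
        shown = re.search(r"([\w-]+\.)+[a-z]{2,}", text, re.I)  # domain shown in the text
        if shown and base_domain(shown.group(0)) != target:
            findings.append(f"text shows {base_domain(shown.group(0))}, link goes to {target}")
    return findings

SAMPLE = ('From: "PayPal Support" <support@paypai.com>\nContent-Type: text/html\n\n'
          '<a href="https://www.g00gle.com/login">www.google.com</a>')  # constructed sample
```

Calling slam_check(SAMPLE) returns three findings: the lookalike sender, the lookalike link domain, and the mismatch between the link text and its destination.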
3. Attachments
Phishing emails may include attachments that contain malware, which can compromise your computer or network. Follow these guidelines:
Don’t open unexpected attachments. Even if the email seems to come from someone you know, an unsolicited attachment can be a sign of phishing.
Check the file type. Cybercriminals often hide malware in files with extensions like .exe, .zip, or even disguised as common files like .pdf. If you weren’t expecting an attachment, proceed with caution.
Scan attachments for viruses. Use antivirus software to scan any attachments before opening them, especially if you’re unsure of their legitimacy.
4. Message
The content of a phishing email often contains red flags that can tip you off to its malicious intent. Pay attention to the following:
Poor grammar and spelling. Many phishing emails originate from overseas, and they may contain grammatical errors or awkward phrasing.
Urgency and threats. Phishing emails often pressure you to act quickly, claiming your account will be suspended or you’ve missed an important deadline.
Requests for sensitive information. Legitimate companies will never ask for sensitive data like passwords or Social Security numbers via email.
Inconsistent branding. If the logos, fonts, or tone of the email don’t align with previous communications from the company, it’s likely a phishing attempt.
Conclusion
Phishing emails are evolving, but by following the SLAM method, you can stay one step ahead of cybercriminals. Always be cautious when reviewing emails—especially those that seem urgent or unexpected. Taking a few extra moments to verify the sender, examine links and attachments, and scrutinize the message could save you from becoming a victim of a cyberattack.
Let’s make cybersecurity a priority this month (and every month) by staying vigilant and sharing these tips with others!
Stay safe, and remember to SLAM the door on phishing attempts!
Bonus Tip: If you suspect an email is phishing, don’t reply or interact with it. Instead, report it to your email provider or IT security team to help prevent others from falling for the same trick.