In last week’s blog – How often do you need to train employees on Cybersecurity awareness? – I touched on the need to regularly train your staff in order to recognise phishing and scamming attempts – upping the quality of your staff’s cyber awareness. I wanted to support this thinking by taking a closer look at how to use the SLAM method in order to achieve this goal.
Because it continues to work. Scammers evolve their methods as technology progresses, employing AI-based tactics to make targeted phishing more efficient. If phishing didn’t continue returning benefits, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher. Studies show that as soon as six months after a person has been trained on phishing identification, their detection skills can begin waning as they forget things. Give employees a “hook” they can use for memory retention by introducing the SLAM method of phishing identification.
One of the mnemonic devices known to help people remember information they are taught is the use of an acronym. SLAM is an acronym for four key areas of an email message that should be checked before trusting it.
By giving people the term “SLAM” to remember, it’s quicker for them to check on any suspicious or unexpected email without missing something important. All they need to do is run down the cues in the acronym.
It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a lookalike address that people easily mistake for the real thing.
Scammers like to use hyperlinks in emails because links can often get past antivirus/anti-malware filters. You should always hover over links without clicking on them to reveal the true URL. This can often expose a fake email immediately, because the link points to a strangely named or misspelt website.
Never open strange or unexpected file attachments, and make sure all attachments are scanned by an antivirus/anti-malware application before opening.
If you rush through a phishing email, you can easily miss some tell-tale signs that it’s a fake, such as spelling or grammatical errors.
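As an added illustration (not part of the original post), the first three SLAM cues can also be checked automatically when triaging a reported email; the fourth, the message wording, is left to the reader. The `TRUSTED` set, the 0.8 similarity threshold and every `.test` domain below are assumptions made up for this example.

```python
import difflib, re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"acme-bank.test"}  # assumption: domains the organisation really uses
SHOWN_HOST = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs: what is shown vs. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def lookalike(domain):  # close to, but not exactly, a trusted domain
    return any(domain != t and difflib.SequenceMatcher(None, domain, t).ratio() > 0.8
               for t in TRUSTED)

def slam_check(msg):
    findings = []
    domain = msg["From"].addresses[0].domain.lower()  # S: sender
    if lookalike(domain):
        findings.append(f"S: lookalike sender domain {domain}")
    html, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(html.get_content() if html is not None else "")
    for text, href in collector.links:  # L: links
        host, shown = (urlparse(href).hostname or "").lower(), SHOWN_HOST.match(text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"L: link shows {shown.group(1).lower()} but points to {host}")
    findings += [f"A: scan {p.get_filename()} before opening" for p in msg.iter_attachments()]
    return findings

def sample_email():
    """Constructed phishing-style message; every name and domain is made up."""
    m = EmailMessage()
    m["From"] = "Acme Bank Support <support@acme-bamk.test>"
    m.set_content("Please verify your account.")
    m.add_alternative('<a href="http://acme-bamk.test/">https://acme-bank.test/</a>', subtype="html")
    m.add_attachment(b"dummy", maintype="application", subtype="zip", filename="invoice.zip")
    return m
```

Calling `slam_check(sample_email())` returns one finding per cue: the lookalike sender domain, the link whose visible text and real destination differ, and the attachment that needs scanning.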
Both awareness training and security software can improve your defences against phishing attacks.
Please reach out to me at email@example.com if you would like to discuss your email security needs in more detail.
Kalpesh Shah, CTO