Let’s SLAM Phishing

Most cyber-attacks are initiated at the human/employee level. Whether from phishing, spear phishing, misuse or stolen company credentials, weak or redundant passwords, most cyber breaches are actually started when an employee makes an error. New employees who haven’t been trained, as well as those who’ve recently terminated are higher risks and employers and HR need to conduct better strategies to defend against potential breaches. One excellent protocol to pass along to staff who sit behind a computer all day is SLAM.

What Does the SLAM Acronym Stand For?

The SLAM acronym can be used as a reminder of what to look for to identify possible phishing emails. The SLAM acronym stands for sender, links, attachments, message.

Sender: when hackers send phishing emails, they often mimic a trusted sender’s email address to trick recipients into opening the email. Therefore it is important to analyze a sender’s email address before opening an unsolicited email. To check an email address for validity, recipients should hover their mouse over the sender name to reveal where the email came from prior to opening it.

Links: phishing emails generally contain links that enable hackers to steal a recipient’s login credentials and infiltrate their network. Just like with the sender’s email address, links contained in an email should be hovered over to check the legitimacy of the link. Is the URL actually directing you to the page it says it will? Are there misspellings in the link address? It is also best practices to, rather than clicking on a link in the email itself, to go to the company website directly.

Attachments: you should never open an email attachment from any sender that you do not know. However, even when you do know the sender, you should not open unsolicited email attachments. Hackers often send malicious email attachments using a compromised email address’ contact list to infiltrate the recipient’s system.

Message: while phishing emails have become more sophisticated over the years, the content of the message itself can often be a dead giveaway. Phishing emails often contain generic greetings, misspellings, grammatical errors, or strange wording. Emails that contain any of these issues should not be trusted.

What to Do When You Recognize a Phishing Email

While you can use the SLAM method to help you identify phishing emails, it is also important to know what to do when you recognize one.

1. Mark the email as spam
2. Report the phishing attempt to management so that they can alert other employees
3. Report the email to your IT department or MSP so that they can blacklist the sender’s domain address
4. Do not forward the email to anyone

Focusing on Security

During 2021 New River Computing (NRC) focused on ramping up its internal security systems, evaluated clients’ systems, and developed security packages appropriate for varying clients’ needs.

We offer Fortress One, Fortress Two, and Guardian Fortress, NRC’s most advanced security packages. These security products are our latest multi-layered set of protections and countermeasures designed to defend small and medium sized businesses against cyber criminals from around the world.