Jul 31
The SLAM Method Can Enhance Phishing Detection


It is not surprising that phishing is often at the top of security awareness training lists. It has been the primary delivery method for all types of attacks for the past decade. Phishing emails are used to launch ransomware, credential theft and database breaches.


Why is phishing such a serious threat? It continues to work. As technology advances, scammers adapt their techniques. To make targeted phishing more efficient, they use AI-based techniques.


If phishing stopped working, scammers would move on to another attack. That has not been the case. People continue to be tricked by malicious file attachments and dangerous links.


Phishing attacks spiked by 281% in May 2021. They then jumped another 284% in June 2021.


Studies have shown that phishing detection skills decrease as soon as 6 months after training. As a result, cybersecurity suffers when employees forget what they have learned.


Want to give your employees a "hook" they can use to retain what they have learned? Use the SLAM method for phishing identification.


What is the SLAM Method of Phishing Identification?


An acronym is one of the most effective mnemonic devices for helping people remember information. SLAM stands for four areas in an email message that you need to review before you trust it.


These are:


S = Sender


L = Links


A = Attachments


M = Message text


Giving people the term "SLAM" makes it easier for them to spot suspicious emails. The acronym prompts them for each cue, so they do not miss anything important.


Verify the sender


It is important to verify the sender of any email. Scammers often spoof email addresses or use look-alikes. Many people mistake a fake address for the real deal.


In the phishing email below, the email address domain is "@emcom.bankofamerica.com". The scammer is impersonating Bank of America. This is how scammers attempt to trick you: by inserting the URL of the real company in their fake email.



It is clear that the email seems very convincing. Many people have been tricked into giving their personal information. Credit card applicants must provide their Social Security Number, income, or other information.


A quick search for the email address reveals that it is a scam. This is a trap that can be used for both SMS and email phishing attacks.


You can quickly type the sender's email address into Google. This lets you check whether there are any warnings about phishing emails from that address.


Using hyperlinks in emails is a popular option.


They can often get past antivirus/anti-malware filters. These filters look for files that may contain malware. A link to a malicious website doesn't contain dangerous code. It links to a site with dangerous code.


Links can be placed on images, words, or buttons within an email. On a computer, it is important to hover over links without clicking on them to reveal their true URL. This can often expose a scam email.


On mobile devices it is more difficult to see a link's URL without clicking on it, because a mobile device does not have a mouse as a PC does. In this instance it is best not to click on the link. To verify the message's validity, you can instead go directly to the purported website.


Never open unanticipated or strange attachments


Phishing emails still use file attachments. These attachments can arrive with messages promising large sales orders. A recipient might open a familiar-looking document without even thinking.


It is becoming harder to identify which file formats you should avoid opening. Cybercriminals are becoming more sophisticated in infecting documents with malware. Even PDFs have been found with malware embedded.


Never open unknown file attachments. Use an antivirus/anti-malware application to scan all attachments before opening.


Take the time to read the message


As technology advances, we've become more proficient at scanning text. This allows us to quickly process large amounts of information every day. However, when a message is only skimmed, it can be difficult to spot that it is a phishing email.


Take a look at the phishing example in the "Links" section. The second sentence contains a slight error in grammar. It was easy to spot.


The email says "We confirm that your order has shipped" instead of "We confirm your item has shipped." These errors are alarming signs that the email may not be legitimate.


Get help combating phishing attacks


Awareness training and security software are both key components to your defense against phishing attacks. For all your email security concerns, contact us today.

