Phishing emails are a significant threat, and identifying them can be tricky. In yesterday’s post, we broke down the first two elements of the SLAM method: Sender and Links. Today, we’ll conclude this 6-post series by diving into the remaining components of SLAM: Attachments and Message.
Unpacking Attachments: What’s Inside?
Does the email contain attachments? If so, are they appropriate? Often, attachments may look like typical files—PDFs, Word documents, PPTs, or text files. But just because an attachment seems standard doesn’t mean it’s safe. Phishers know that these files can bypass spam filters, so they use them to hide malicious links or harmful files that could prompt you to take an unintended action.
Here’s the key takeaway: Always consider the context. If the attachment doesn’t make sense or you weren’t expecting it, it could be a red flag. Take a moment to inspect the file type and purpose. Slowing down can make the difference between spotting a threat and falling victim to it.
The Message: What’s the Tone?
Next, let’s look at the message itself. The first thing to assess is the greeting. Is it appropriate for the sender and the nature of the email? For example, a message from your boss should feel different than one from an unknown sender.
Next, focus on the call to action. Is the message pressuring you to act quickly or threatening you with consequences? Phishing emails often create a false sense of urgency, demanding immediate action or threatening negative outcomes. If a message seems too aggressive or out of place for a professional setting, it’s time to pause and think critically.
Phishing attempts can range from seemingly harmless subscription renewals to highly personalized messages containing your private information, such as passwords or subscription details. They may come across as friendly and non-threatening, or they could be extortionary. Regardless, the best approach is to slow down, assess, and never rush into action.
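The Attachments and Message checks described above can be partly automated as a first-pass triage. The following Python sketch is an added example, not part of the original post: the extension list, file signatures, phrase patterns, and the names slam_am_flags and build_sample are illustrative assumptions, and the sample emails are constructed.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Illustrative lists (assumptions, not from the article); tune for your mail flow.
RISKY_EXT = {"exe", "js", "vbs", "scr", "bat", "iso", "lnk", "hta"}
MAGIC = {"pdf": b"%PDF", "docx": b"PK", "pptx": b"PK", "xlsx": b"PK"}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|final notice|"
                     r"will be (?:suspended|closed|terminated))\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client|sir|madam)\b", re.I)

def slam_am_flags(raw: bytes) -> list[str]:
    """Return warnings for the Attachments and Message steps of SLAM."""
    flags = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name:  # Attachments: does the file type make sense?
            pieces = name.lower().split(".")
            ext = pieces[-1] if len(pieces) > 1 else ""
            if ext in RISKY_EXT:
                flags.append(f"{name}: executable or script type .{ext}")
                if len(pieces) > 2 and pieces[-2] in MAGIC:
                    flags.append(f"{name}: double extension hides .{ext}")
            elif ext in MAGIC and not data.startswith(MAGIC[ext]):
                flags.append(f"{name}: content does not match .{ext}")
        elif part.get_content_type() == "text/plain":  # Message: greeting and tone
            text = data.decode(errors="replace")
            if GENERIC_GREETING.search(text):
                flags.append("message: generic greeting")
            flags += [f"message: pressure phrase '{m.group(0).lower()}'"
                      for m in URGENCY.finditer(text)]
    return flags

def build_sample(body: str, attachments: dict[str, bytes]) -> bytes:
    """Build a constructed test email; nothing here is real mail."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content(body)
    for filename, content in attachments.items():
        msg.add_attachment(content, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    suspicious = build_sample(
        "Dear customer,\nYour account will be suspended unless you act immediately.\n",
        {"invoice.pdf": b"MZ\x90\x00constructed", "statement.pdf.exe": b"constructed"})
    print("\n".join(slam_am_flags(suspicious)))
```

An empty result only means none of these simple rules fired; context, such as whether you were expecting the file at all, still needs a human look.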
Choose Your Hard: Prevention or Consequences?
It’s important to ask yourself: Do you want to do the hard work of paying attention and identifying phishing emails, or do you prefer the hard work of cleaning up the aftermath of a cyberattack? The consequences of falling for phishing scams can be costly, including financial loss, compromised data, or even losing your job.
Key Takeaways and Next Steps:
Slow IT Down
If an email is unexpected or seems off, take a moment to pause and think before acting. It’s better to take a few extra seconds than to act impulsively and regret it later.
IT’s Not Just Email
Phishing isn’t limited to just email. Be cautious of texts, phone calls, fake websites, and even QR codes. The FBI has warned that cybercriminals are increasingly using altered QR codes to direct victims to phishing websites designed to steal personal and financial information.
SLAM the Phish
Always assess the email using the SLAM method:
Sender
Links
Attachments
Message
If anything seems out of place, reach out to the sender by phone or through their official contact details on their public website.
Phishing emails continue to evolve, and it’s essential to stay vigilant. By applying the SLAM method—assessing the sender, links, attachments, and message—you can protect yourself and your organization from falling victim to phishing scams. Remember, slowing down and thinking critically about each email can save you from costly mistakes.
Stay safe, stay alert, and SLAM the phish!