It may seem like you’re always focused on phishing during an employee cybersecurity awareness training. There’s a good reason for this. Phishing remains the number one cause of data breaches and malware infections. It’s an all-purpose method of launching multiple types of attacks.

And… it keeps working!

If phishing didn’t return any benefits, then scammers would move on to another type of attack. However, it still proves quite successful for breaching company networks, stealing credentials, and conducting other types of online attacks.

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.

Users may be trained occasionally on how to spot phishing emails, but if training isn’t ongoing and they don’t have regular reminders, they can forget to check a particular email or may take action on an urgent message without thinking.

One method that helps with user retention of phishing detection skills and removes the need to urgently react to an emotion-triggering message is SLAM.

SLAM stands for:

  • Sender
  • Links
  • Attachments
  • Message

These are the four key areas of an email that should be checked to review an email for its legitimacy. Using SLAM provides your users an easy acronym to remember that you can use in posters, email newsletters, etc.

When users take the time to use SLAM on an unexpected email message before reacting, it also gives them a reason to step back and think before they react.

Here’s how to train your users on the SLAM approach to improve your IT security and reduce the risk of falling victim to phishing.  

Check the Sender

You shouldn’t just trust that the name in the sender line of an email is the person or company that actually sent the message. Hackers will often use email spoofing to put an email address you recognize in the “From” line to trick you into trusting it.

They will also use a subdomain to create an email address that looks to be real. For example, most people that see this Bank of America email might think that the address “” is legitimate, and maybe the “emcom” has something to do with their email service.

But, this is just a clever scam email using a lookalike email address designed to fool the recipient.

Searching for any unknown email addresses on Google can often bring up a scam. As you see above from a quick search on that address. It’s also a good idea to look at the message source code to see if there’s a different address shown as the originator.

Check the Links

Users tend to trust links more than file attachments when they see them in an email. But links have become the most popular way to get a user to interact with a malicious message. These links can take you to phishing sites full of malware that infects your device. They also lead to spoof sites designed to trick you into logging in to a particular service (e.g., Microsoft 365 or Netflix) so they can steal your credentials.

The best defense against malicious links is to use a DNS filter. You should also always hover over links before clicking them to reveal the true URL.

In this image below, the attacker is spoofing an Amazon email, but hovering over the link immediately reveals it to be a fake.

Check the Attachments

Even though a lot of phishing emails now use links, there are still those that use malicious file attachments. You never want to open a file attachment in a message from an unknown sender.

These can be very enticing, such as one promising you that a large purchase order for your products is attached. There can also be those that ask you to fill out a form for an upcoming office holiday celebration to choose what you’ll bring.

You should always have a reliable antivirus/anti-malware program on your devices that check email attachments in real-time for any malicious code.

Check the Message

We tend to speed read through emails these days and can often miss important details. You should carefully examine the message of any unexpected or suspicious emails to look for even the slightest thing that seems “off” like a typo or grammatical error.

In the phishing example posted above, there is a small error in grammar in the second sentence. Did you spot it?

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate.

Protect Your Company from Online Threats With Help from ECN IT

ECN IT Solutions can help your Tucson area business put a two-pronged solution in place to keep your network secure, including employee awareness training and application solutions.

We’re here and ready to talk cybersecurity with you! Reach out at 520-335-7553 or through our website.