Phishing is the most common scam tactic reported to the FBI. Yet many people need help confidently identifying a phishing email. As phishing methods become more sophisticated every day, even the savviest person can be duped.
One crucial element found in most scams is the creation of urgency. Scammers strive to prompt quick responses, preventing individuals from carefully considering the situation or seeking advice from others. When faced with a high-pressure situation, it is easy to get caught up in the flurry of events. Nevertheless, it is vital to take a moment, stay calm, analyze the situation, and reach out to someone trustworthy if you are uncertain.
Let’s dive into the SLAM (Sender, Links, Attachments, Message) method:
Sender:
Scammers often use what’s known as “Email Spoofing” to make it seem like someone else sent the email you received. Think of email as a mailbox through which you send letters. Scammers insert code that erases the return address and replaces it with a completely different one, often making it seem like the email originates from your own address. This can make it challenging to identify a scam email.
However, spoofing is not the sole method scammers use to deceive individuals with email addresses. They can also compromise legitimate email accounts through phishing attacks and employ those accounts to send malicious emails. Typically, they alter the display name of the email address to make it appear as if the email is from “Microsoft Support” or “Sweepstakes Winner.” Yet, if you examine the actual “from” email address, you will discover it is entirely different.
What should you do if the email address, the sender, triggers alarm bells? In many cases, you can safely ignore the email and report it as spam or phishing to your email provider. However, if you are uncertain about trusting the sender, you can employ the remaining steps of the SLAM method to double-check.
Links:
Links embedded in emails can lead to dangerous websites or trigger malicious downloads. To protect yourself, exercise caution before clicking on any link. Before clicking, always hover over a link to see its destination. Does it match the expected URL? Alternatively, copy and paste the link into your browser from a reliable source. Avoid urgent requests and only click on links from trusted sources.
Attachments:
Attachments can be the most worrisome element of an email. Email is a convenient method for exchanging files among individuals but presents significant risks.
What harm can be caused by downloading an attachment from a malicious actor? Firstly, the attachment could be a virus or malware disguised as another file type, providing immediate access to the hacker. The attachment might also contain embedded code that automatically downloads malware onto your device. Alternatively, it could be a phishing attempt aimed at capturing sensitive data or credentials, which in turn compromises your accounts. Once your accounts are compromised, the hacker gains unauthorized access to your data and may exploit them to scam others.
When you receive an email attachment, the first question to ask yourself is whether you were expecting it. If you were not anticipating any attachments, it is safest to leave them untouched. Even if you know the sender, their account might be compromised! You can’t always trust the sender, but that’s a whole other part of the SLAM method.
Message:
The content of an email provides valuable clues to its authenticity. Without a doubt, the thing to look for, first and foremost, is the grammar and spelling of the email. This gets trickier as scammers use AI more to write content for them. Still, for now, if you look over the email and notice spelling and grammar mistakes, especially in those claiming to be from big companies (think Microsoft and PayPal), then chances are good that it’s fake.
Look for personalized greetings instead of generic salutations like “User.”
Verify the presence of company-specific information in the email, such as accurate contact details and legitimate links. Be cautious of urgent or threatening language that aims to rush you into taking immediate action.
Always take your time to evaluate the email’s message. If you are unsure whether something is a scam, contact your company’s IT department, a trusted friend, or a coworker. Identifying scams and malicious emails can be challenging at times, and it is far better to seek assistance than to end up with compromised devices or inadvertently send money to the wrong party.
The goals of malicious attacks may vary, but they all share a common objective: someone falling victim to them. Your role as a user is to prevent them from gaining access to your data, devices, or finances.
We hope this article has provided you with a better understanding of the SLAM method and its ability to help you identify malicious emails. If you have any questions, please feel free to contact us at any time!