There’s no quick fix for phishing attacks and ransomware once they happen, but there is an easy-to-remember method to help prevent them. As cybersecurity remains a key focus for businesses heading into 2022, simple prevention methods are a welcome solution.
One of the most impacted industries is healthcare. SLAM is an acronym for a set of simple methods to prevent and identify phishing attacks proactively.
What does SLAM stand for?
- Sender – check the sender’s email address by clicking on the sender’s name. Often, malicious actors will closely mimic a reputable sender’s email address. For example, “@amazon.com” might appear as “@ammazon.com”. Extra letters, strange symbols, or minor misspellings are signs that it is, in fact, a phishing email. Another thing to be on the lookout for is a reputable sender/company whose email address would generally end in the company’s name but ends in something like @yahoo or @gmail instead. For example, amazonsu[email protected] would alert you to a malicious email (typically, a trusted sender would be something like [email protected] for a large organization like Amazon).
- Links – always beware of links! Never click a link provided in the body of an email unless you can 100% confirm from the sender that the link is legitimate. When in doubt, don’t click! Always check with the sender or your IT security team if you have any uncertainty.
- Attachments – the same rules for links apply to attachments. Confirm with the sender of the email that the attachment is legitimate before clicking or downloading. Malicious actors often use downloadable attachments as a way to have you download malware onto your computer.
- Message – sometimes, the actual message in an email is an easy indicator that it’s a phishing email. But beware – cyber actors are getting more sophisticated by the day, so you will need to read closely and be wary of anything that seems unusual.
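The Sender check above can also be automated at a mail gateway or in a triage script. The following is an added example, not part of the original article: the domain lists, the edit-distance threshold of 2 and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed lists for illustration; populate them from your own mail policy.
TRUSTED_DOMAINS = {"amazon.com"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'freemail-brand' or 'unknown'."""
    # Only the address matters; the display name is whatever the sender typed.
    _display_name, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "unknown"
    if not domain.isascii():
        return "lookalike"  # strange symbols: non-ASCII letters imitating Latin ones
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if domain in FREEMAIL_DOMAINS:
            if brand in local:
                return "freemail-brand"  # company name on a free mailbox
        elif edit_distance(domain, trusted) <= 2 or brand in domain:
            return "lookalike"  # extra letter, misspelling, or brand in another domain
    return "unknown"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Amazon <orders@amazon.com>",
    "Amazon <orders@ammazon.com>",
    "Amazon Support <amazonsupport@gmail.com>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):15} {header}")
```

A result of "unknown" means only that none of these sender rules matched; the Links, Attachments and Message checks still apply.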
What To Do If You Recognize a Phishing Email
The SLAM method helps employees and leadership recognize phishing emails when they land in their inbox. But what about the next step? Here’s what to do if you recognize or suspect a phishing email:
- Do NOT click any links or forward the email.
- Mark the email as spam (this is an option in all email accounts; if you don’t know where it is, ask your IT department so you’re prepared).
- Report the phishing email to your IT department or external IT security team – they will be able to block the sender’s domain address to protect your organization. NOTE: ask your IT department for their best practice on this. Over 3 billion phishing emails are sent worldwide; blocking them does not do much.
- Report the phishing email to your manager or management team so they can alert other employees in your organization and prevent the spread. NOTE: again, ask your IT department for their best practice on this. If a phishing attempt appears to come from a coworker or client, we recommend giving your team a heads-up.