Increase Your Team’s Phishing Identification Skills Using SLAM
It’s scary to think that if an employee clicks just one malicious email link, your whole business could be jeopardised. Unfortunately, this is precisely what happens in a phishing attack – a type of scam that is causing havoc for businesses across Australia.
According to the Australian Competition and Consumer Commission’s Scamwatch, phishing was the most reported scam in 2020, with Australians reporting over 44,000 phishing attacks – up 75% from the previous year. Not only that, but these scams cost a massive $34.28 million in 2020.
Protecting your business from phishing is essential. A successful attack could affect your business in many ways: downtime, reputational damage and compliance fines are all potential repercussions.
However, protecting against phishing isn’t always straightforward. Even with the best anti-malware and email security solutions, a phishing email could still land in your employee’s inbox. It’s your job to empower them with the knowledge they need to identify and report phishing emails rather than falling victim.
With that in mind, here’s a simple but effective way to help improve your team’s phishing detection skills.
How SLAM Can Help Your Employees Identify Phishing Emails
Phishing awareness and training are a huge part of a successful cyber security strategy, and they should be complemented by advanced threat protection and data security solutions.
If your employees have never heard of phishing, they won’t know to scrutinise emails from unknown sources. To stop your people from falling for these scams, you need to equip them with baseline knowledge.
It’s important to remember, though, that your employees aren’t security professionals. Jargon-fuelled, complex worksheets or lengthy training sessions might tick the proverbial training box, but your employees aren’t necessarily learning.
One effective method for helping employees spot a phishing email is SLAM. The acronym stands for Sender, Links, Attachments and Message: the four parts of an email a user should check before trusting it. Here are the instructions for each letter:
S – Sender
Employees should double-check the sender’s name and email address to ensure they are legitimate. Remind your employees that sender names aren’t always what they seem.
Sometimes, cybercriminals will spoof email addresses, hoping to catch their victims off guard. These spoofed email addresses will often feature tiny discrepancies, such as a misspelling. For example, an email might come from “microsooft.com” instead of “microsoft.com.”
L – Links
Links are often how cybercriminals deliver malware. They also use links to spoof legitimate sites, such as Outlook 365, where employees are asked to enter their credentials. The criminals then harvest the credentials from the fake site for use in another cyber attack.
Advise your employees to hover over links before clicking them. Doing so will reveal the URL of the page. If the page is not what it seems to be, your employees should not click on it and instead flag the email to their IT person or IT managed services team.
As another precaution, recommend that employees always visit a brand’s website directly rather than clicking the link in the email. For example, if an employee gets an email from Amazon, they should log in to their account online to check whether the email is legitimate, rather than clicking the link it contains.
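The Sender and Links checks described above can also be run mechanically over an incoming message, so that the obvious cases are flagged before a person has to hover over anything. This is an added example, not code from the original article or from GKM2; the brand allowlist, the similarity threshold and the sample email body are constructed for illustration, and the domain handling is simplified (no public-suffix list).

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed allowlist: the brands this organisation genuinely receives mail from.
TRUSTED_DOMAINS = {"microsoft.com", "amazon.com", "office.com"}

def registrable_domain(host):
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return the trusted domain `host` imitates, or None if it is trusted or unrelated."""
    domain = registrable_domain(host)
    if domain in trusted:
        return None
    for t in trusted:
        # Catches a near-miss spelling (microsooft.com) and a brand name buried in
        # another domain (microsoft-support.com). Conservative on purpose: a human verifies.
        if SequenceMatcher(None, domain, t).ratio() >= threshold or t.split(".")[0] in host.lower():
            return t
    return None

def check_sender(from_header):
    """S in SLAM: which trusted brand, if any, does the From: domain impersonate?"""
    return lookalike_of(from_header.rsplit("@", 1)[-1].strip(">"))

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
def check_links(html):
    """L in SLAM: the hover check done programmatically. Returns (href, reason) pairs.
    A regex is enough for this demo; parse real mail with html.parser or a MIME library."""
    findings = []
    for href, inner in ANCHOR.findall(html):
        host = urlparse(href).hostname or ""
        text = re.sub(r"<[^>]+>", "", inner).lower()
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and registrable_domain(shown.group(0)) != registrable_domain(host):
            findings.append((href, f"text shows {shown.group(0)} but link goes to {host}"))
        elif (brand := lookalike_of(host)):
            findings.append((href, f"{host} imitates {brand}"))
    return findings

# Constructed sample body: a display/destination mismatch, a genuine link and a lookalike host.
SAMPLE_EMAIL = (
    '<p>Your order has shipped. Track it at '
    '<a href="http://amazon.com.track-parcel.example/login">https://www.amazon.com/orders</a>, '
    'visit the <a href="https://www.amazon.com/help">Help centre</a>, or '
    '<a href="http://microsooft.com/verify">verify your account</a>.</p>'
)
```

Run against SAMPLE_EMAIL, check_links flags the first and third links and leaves the genuine Amazon help link alone; check_sender returns the imitated brand for a From: address such as security@microsooft.com and None for a genuine one.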
A – Attachments
Malware is often hidden in suspicious attachments, such as Word documents or Excel spreadsheets. Your employees should not open file attachments from unknown sources. To help protect against this kind of phishing attack, you should also deploy email filtering and anti-malware protection, which can catch many standard malware-delivery emails.
M – Message
While some phishing attacks are highly targeted and hard to spot, others are mass campaigns that lack attention to detail. Generally speaking, phishing emails may contain a few spelling or grammar errors, which undermine the email’s legitimacy.
Employees should also read the message carefully to see if anything about the request in the email is off or unusual. If so, there’s a good chance the email is a scam.
Spelling or grammatical errors might be easy to miss if you don’t look carefully. For example, in this email below, the second sentence has a slight grammatical error that gives it away as a fake before you even hover over the hyperlinked button.
It states, “We confirmation that your item has shipped” instead of “We confirm that your item has shipped.” This is a small error, but one that the real Amazon would not make.
Schedule a Phishing Security Review Today!
Don’t be in the dark about your phishing defences. GKM2 can assist your Sydney area business by reviewing your IT security strategy and letting you know of any weaknesses that could leave your company at risk.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.