Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for. The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to spot a phishing email.
How to spot a phishing email using the SLAM method
SLAM is an acronym for four key areas of an email message to check before trusting it.
- S = Sender
- L = Links
- A = Attachments
- M = Message Text
Check the sender
It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing.
Hover over links without clicking
Malicious links often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code – instead, it links to a site that does.
Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This can often expose a fake email immediately.
Never open unexpected or strange attachments
File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar Word document and open it without thinking. Even standard business document formats like .docx and .pdf can be embedded with malware. Never open strange or unexpected file attachments.
Read the message carefully
Phishing emails usually contain common indicators in the body of the message that you can use to evaluate their legitimacy. Here are the things to look for:
- Contains an offer that’s too good to be true
- Language that’s urgent, alarming, or threatening
- Poorly-crafted writing with misspellings and bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Urgency to click on an unfamiliar hyperlink or attachment
- Strange or abrupt business requests
- Sending e-mail address doesn’t match the company it’s coming from
What actions should you take?
Don’t worry! You’ve already done the hard part, which is recognizing that an email is fake and part of a cybercriminal’s phishing expedition. If the email was sent to your work email address, report it to your IT team as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. Make sure to report it as a phishing attempt to your email provider.
Do you need help training your employees how to spot a phishing email?
We’d love to chat! Regular cybersecurity and phishing awareness training is just one of the services included in our managed IT services plans. Schedule a free 15-minute discovery call with someone from our team today!
P.S. if you’re looking for a new IT service provider, check out our guide that covers how to choose your next IT service provider for some quick tips to get you started!