While there are more sophisticated methods of attack, malicious emails still are the most effective starting point for bad actors accounting for nearly 80% of threats. That makes you and every individual the first and best line of defense to SLAM the door on email attacks. The SLAM email security method is a simple and effective approach to enhance email security. It focuses on four key elements: Sender, Links, Attachments, and Message content.
Sender: Bad actors often pose as a presumably trusted individual that you know when sending malicious emails. it’s important that you inspect the sender’s details for validity, especially if the content of the email requests sensitive information or unexpected action. In most email applications, you should be able to inspect the sender’s email address before opening the email. Hover over the sender’s name to inspect, looking for spelling errors, extra letters, character font changes, generic domain, or includes sub-domains (@email.microsoft.com instead of just @microsoft.com). Your IT department can deploy email authentication as well including SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help ensure the legitimacy of the sender’s domain.
Links: Most attack emails include a link prompting you to click through to either download malicious software, provide system access, or give up your credentials, financial, or other sensitive information. Links should always be approached with caution. Just like with a sender’s email address, a link should be hovered over to inspect the legitimacy of the URL destination and checked for the same malicious indicators like spelling errors, character font change, or unexpected domain. Also make sure the website linked in the email uses the “HTTPS” encryption, especially when dealing with sensitive information. To avoid malicious links completely, go to your internet browser and navigate directly to the known and trusted website of the company or organization the email appears to be coming from and find your way to the requested information or call the company or person directly (to a known and trusted phone number) for more help.
Attachments: Another attack method is a malicious attachment that contains malware or ransomware. When downloaded, the bad actor has access to your system and other devices connected to the same network. Even when a trusted sender sends an email attachment, it is never a good idea to open an unsolicited email attachment. Before opening an email attachment that you were not expecting, you should reach out to the sender directly to confirm its legitimacy. Your IT department can also deploy antivirus software as an extra step that automatically scans email attachments for potential threats before allowing users to download or open them.
Message: This element of the S.L.A.M. email security method is generally the easiest to detect. While bad actors are getting more sophisticated in mimicking trusted entities, some email messages themselves can easily give away their lack of authenticity. When the email message contains urgent requests for personal information, spelling and grammar errors, generic greetings, or strange wording, those are red flags the email is malicious. Verify unusual requests through a separate communication channel before taking any action and report the email to your I.T. department if you suspect an attack.
Educate yourself and your staff on these principles and consider conducting regular security awareness training sessions or sending out informational materials to SLAM the door on email attacks. Encourage a culture of skepticism and vigilance when dealing with emails, as this can significantly reduce the risk of falling victim to email-based threats. We can help you get started with a security awareness training program.