Phishing, fraudulent email that tricks the recipient into handing over credentials, running malware or moving money (that last variety is usually called business email compromise, or BEC), is one of the biggest threats to businesses today. Phishing is consistently reported as one of the most common ways attackers gain their initial foothold in a breach, so it’s crucial to make sure everyone in your company knows how to spot one. Let’s take a look at the SLAM method (Sender, Links, Attachments, Message), a way to break an email down into its components and check the legitimacy of each.

Sender
The first thing to check is the sender. In most cases the attacker will be imitating a trusted contact, such as a vendor or a customer, and there are two cheap ways to do it. The first is display-name spoofing: the name your mail client shows says “Jane at Contoso”, but the actual address behind it is a free webmail account or an unrelated domain. Mobile clients often show only the display name, so tap or expand the sender to see the address itself. The second is a lookalike domain: the attacker registers an address that is a close replica of the real one, changing a single character in the domain portion (an “rn” for an “m”, a zero for an “o”) or adding a word, as in “contoso-billing.com”. A true spoof, where the From address really is the trusted domain, cannot be spotted by eye; that is what SPF, DKIM and DMARC are for on the receiving side, so it is worth confirming that your own domain publishes them. Attackers rely on employees who are moving too fast to check the address beyond a quick glance. Training your employees to take a few seconds to read the full sender address, and to notice when the Reply-To points somewhere else, can save a lot of trouble down the line.
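The checks above can be automated at the mail gateway or in a reporting tool. The script below is an added example and is not code from the original post; the trusted-domain list, the homoglyph table and the sample headers are assumptions made for illustration. It flags lookalike domains (one edit away from a trusted domain, or containing its brand name), display names that claim a different address than the real one, and a Reply-To that routes replies elsewhere.

```python
"""Sender checks from the SLAM method (added example, not from the original post).

TRUSTED_DOMAINS, HOMOGLYPHS and the sample headers below are constructed for
illustration.
"""
import re
import unicodedata
from email.utils import parseaddr

# Assumed: domains this organisation actually corresponds with.
TRUSTED_DOMAINS = {"contoso.com", "fabrikam.com"}

# Visual substitutions attackers commonly use in lookalike domains (illustrative, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize_domain(domain: str) -> str:
    """Fold confusable characters so 'c0ntoso.com' and 'contoso.com' compare equal."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    for confusable, plain in HOMOGLYPHS.items():
        folded = folded.replace(confusable, plain)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, written out so the example needs no third-party package."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    candidate = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        brand = normalize_domain(trusted).split(".")[0]
        # One edit away (typo-squat) or the brand name embedded in some other domain.
        if edit_distance(candidate, normalize_domain(trusted)) <= 1 or brand in candidate:
            return trusted
    return None


def check_sender(from_header: str, reply_to: str = "") -> list:
    """Return human-readable findings for a From header (and optional Reply-To)."""
    findings = []
    display, address = parseaddr(from_header)
    from_domain = address.rpartition("@")[2].lower()

    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain!r} looks like trusted {imitated!r}")

    # Display-name spoofing: the visible name carries an address that is not the real one.
    # (Mail clients quote display names that contain '@', which is the form parseaddr expects.)
    claimed = re.search(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]+", display)
    if claimed and claimed.group(0).lower() != address.lower():
        findings.append(f"display name claims {claimed.group(0)!r} but real address is {address!r}")

    # Replies silently routed to a different domain than the one shown in From.
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
        if reply_domain and reply_domain != from_domain:
            findings.append(f"replies go to {reply_domain!r}, not {from_domain!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: one genuine, three impersonations.
    for header in (
        "Accounts Payable <ap@contoso.com>",
        "Accounts Payable <ap@c0ntoso.com>",
        "Billing <billing@contoso-payments.com>",
        '"ap@contoso.com" <ap@mail-relay.example>',
    ):
        print(header, "->", check_sender(header) or "OK")
    print(check_sender("Bob <bob@fabrikam.com>", reply_to="bob.fabrikam@webmail.example"))
```

The brand-in-domain rule is deliberately aggressive: it will also flag legitimate partner domains that happen to contain the brand name, which is the right trade-off for a tool that routes mail to a human for a second look rather than one that blocks outright.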

Links
The second thing to check is any link in the email. A very common tactic is a hyperlink that appears to go to a trusted site but actually points somewhere else: the visible text of a link and its real destination are two separate things, and it is trivial to make them disagree. One of the most popular lures we see is a fake Microsoft 365 login page, which, if the employee types in their password, could give the attacker access to your company’s email system. The destination sites steal credentials, drop malware, or push browser extensions that snoop on and steal data. Employees should be trained to hover the mouse cursor over any link (or long-press it on a phone) and read the true destination before clicking, paying attention to the actual domain rather than to whether a brand name appears somewhere in the URL: “login.microsoftonline.com” is Microsoft, “microsoftonline.com.verify-account.example” is not. Shortened links and links to a bare IP address deserve the same suspicion. This simple habit can help prevent unauthorized access.
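The same comparison a person makes when hovering, visible text versus real destination, can be run over an HTML body automatically. The script below is an added example and not code from the original post; the BRAND_HOSTS table and the sample message body are assumptions for illustration, and registrable() is a deliberate simplification that ignores multi-part suffixes such as co.uk. It flags links to raw IP addresses, punycode (internationalised) hosts, anchor text that shows one domain while the href goes to another, and text that names a brand while pointing at a host that brand does not own.

```python
"""Link checks from the SLAM method (added example, not from the original post).

BRAND_HOSTS and SAMPLE_BODY are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: hosts that may legitimately carry each brand name in link text.
BRAND_HOSTS = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "office.com"),
    "office 365": ("microsoft.com", "microsoftonline.com", "office.com"),
}

# Something that looks like a URL or bare domain inside anchor text.
HOST_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Host the link really goes to ('' for mailto:, javascript:, relative links)."""
    return (urlparse(url.strip()).hostname or "").lower()


def shown_host(text: str) -> str:
    """Host the anchor text *claims*, if the text looks like a URL or domain, else ''."""
    match = HOST_RE.search(text)
    return match.group(1).lower() if match else ""


def registrable(host: str) -> str:
    """Crude registrable domain: last two labels (simplification, ignores co.uk etc.)."""
    return ".".join(host.split(".")[-2:])


def check_links(html_body: str) -> list:
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if not host:
            continue
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            findings.append(f"link to raw IP address {host}")
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append(f"internationalised (punycode) host {host}: check for look-alike letters")
        claimed = shown_host(text)
        if claimed and registrable(claimed) != registrable(host):
            findings.append(f"text shows {claimed} but link goes to {host}")
        lowered = text.lower()
        for brand, legit in BRAND_HOSTS.items():
            if brand in lowered and not any(host == d or host.endswith("." + d) for d in legit):
                findings.append(f"text mentions {brand} but link goes to {host}")
    return findings


# Constructed sample body: a brand-impersonating link, an IP link hiding behind
# a real-looking URL, an honest link and a mailto.
SAMPLE_BODY = """
<p>Your mailbox is almost full.
<a href="https://login.micros0ft-secure.example/o365">Sign in to Microsoft 365</a> to fix it.</p>
<p>Or paste this address: <a href="http://203.0.113.10/verify">https://login.microsoftonline.com/</a></p>
<p>Questions? <a href="https://portal.contoso.com/help">portal.contoso.com/help</a>
or <a href="mailto:help@contoso.com">email support</a>.</p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_BODY):
        print("-", finding)
```

The second sample link is the case hovering is meant to catch: the text is a genuine Microsoft URL, the href is an IP address, and the script reports it three ways. A production version would replace registrable() with a public-suffix-list lookup and resolve shortener links before comparing.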

Attachments
The third attack vector is email attachments. Attackers send malicious attachments both to steal information and to get code running on the employee’s machine. Office documents are a common choice because they can carry VBA macros which, if the employee enables them, download and run malware; current Microsoft 365 Apps block macros in files that arrived from the internet by default, but the warning can be talked around and older installations still run them. PDFs cannot carry Office macros, but they can carry embedded JavaScript and launch actions, and both PDFs and documents frequently contain nothing more than a link to a credential-harvesting site, which keeps the actual phishing page one step away from the email filters. Watch for files whose name does not match their contents, such as “invoice.pdf.exe” or a “PDF” that is really an executable, and for container formats such as ZIP and ISO that are used to smuggle such files past scanners. Employees should exercise great caution with any unexpected attachment, and if ever in doubt, report it to IT staff for review rather than opening it.
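IT staff reviewing a reported attachment look at what the file is rather than what its name says. The script below is an added example and not code from the original post; the message and every attachment in it are constructed in memory, and the magic-byte and extension tables are illustrative rather than exhaustive. It parses a raw message, then for each attachment checks for executable and double extensions, compares the file’s leading bytes with what the extension implies, opens Office (OOXML) files as the zip archives they are to look for a VBA project, and scans PDFs for active content and link actions.

```python
"""Attachment checks from the SLAM method (added example, not from the original post).

The sample message, its attachments and the lookup tables are constructed for
illustration and are not exhaustive.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk", ".msi"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".doc", ".xls", ".ppt"}  # legacy binary formats also carry macros
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip", b"MZ": "exe", b"\x89PNG": "png", b"\xd0\xcf\x11\xe0": "ole"}
EXPECTED_KIND = {".pdf": "pdf", ".docx": "zip", ".xlsx": "zip", ".docm": "zip", ".xlsm": "zip",
                 ".zip": "zip", ".png": "png", ".doc": "ole", ".xls": "ole", ".exe": "exe"}
PDF_ACTIVE = (b"/OpenAction", b"/JavaScript", b"/JS", b"/Launch")


def sniff(data: bytes) -> str:
    """Identify a file by its leading bytes, or '' if unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return ""


def classify(filename: str, data: bytes) -> list:
    """Return findings for one attachment, combining name checks with content checks."""
    findings = []
    suffixes = filename.lower().split(".")[1:]
    ext = "." + suffixes[-1] if suffixes else ""
    if ext in EXEC_EXTS:
        findings.append(f"executable or script type {ext}")
    if len(suffixes) > 1 and "." + suffixes[-2] in DOC_EXTS:
        findings.append(f"double extension disguises {ext} as .{suffixes[-2]}")
    if ext in MACRO_EXTS:
        findings.append(f"{ext} can carry VBA macros")

    kind = sniff(data)
    if kind and EXPECTED_KIND.get(ext) and kind != EXPECTED_KIND[ext]:
        findings.append(f"content is {kind} but name says {ext}")
    if kind == "zip":  # OOXML documents are zip archives; a VBA project means macros, whatever the extension
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                if any(name.lower().endswith("vbaproject.bin") for name in archive.namelist()):
                    findings.append("archive contains a VBA project (macros)")
        except zipfile.BadZipFile:
            findings.append("claims to be a zip/Office file but is corrupt")
    if kind == "pdf":
        active = [k.decode() for k in PDF_ACTIVE if k in data]
        if active:
            findings.append("PDF has active content: " + ", ".join(active))
        links = data.count(b"/S /URI")
        if links:
            findings.append(f"PDF carries {links} clickable link action(s)")
    return findings


def scan_raw(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and classify every attachment, keyed by filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename(), part.get_content())
            for part in msg.iter_attachments()}


def build_sample_message() -> EmailMessage:
    """Constructed test message: one benign attachment and four suspicious ones."""
    msg = EmailMessage()
    msg["From"] = "ap@c0ntoso.com"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached documents.")
    pdf = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction << /S /JavaScript "
           b"/JS (app.launchURL('http://phish.example/')) >> >> endobj\n"
           b"2 0 obj << /Subtype /Link /A << /S /URI /URI (http://phish.example/login) >> >> endobj\n%%EOF\n")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:  # minimal OOXML-shaped archive with a VBA project
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\0" * 8)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="quote.docx")
    msg.add_attachment(b"MZ\x90\x00" + b"\0" * 60, maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\0" * 60, maintype="application", subtype="octet-stream", filename="scan.pdf.scr")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\0" * 16, maintype="image", subtype="png", filename="photo.png")
    return msg


if __name__ == "__main__":
    for name, findings in scan_raw(build_sample_message().as_bytes()).items():
        print(name, "->", findings or "clean")
```

Note that quote.docx is flagged even though its extension claims a macro-free format: the decision is made on the archive contents, not the name. Real triage would go further (detonation in a sandbox, reputation lookups on the URLs inside the PDF), but the name-versus-content comparison alone catches the common disguises described above.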

Message
The final thing for employees to be aware of is the message itself. Phishing attackers often operate from outside the country, and English may not be their first language, so poor grammar, spelling, word choice and syntax are all warning signs that an email may not be legitimate. Do not rely on them, though: plenty of phishing is written in fluent English, and the more dependable tell is pressure. The email is filled with urgent calls to action, proposes a too-good-to-be-true deal but only for a limited time, claims an unpaid invoice will go to collections if not handled within a day, and so on. Or it appears to come from an executive within the company, instructing that funds be wired or a vendor’s bank details be updated immediately, often adding that they are in a meeting and cannot be reached. Any email that urges its recipient to take immediate action, especially action involving money, bank details or passwords, should be viewed as potentially suspect, and one of the best mitigations is the phone. If everything else looks legitimate, pick up the phone and confirm with the person, using a number you already have on file or from the company directory, never one supplied in the email itself, since the attacker will happily answer that one. A two-minute phone call can prevent weeks of damage control.

At Layered Systems, we offer advanced security training and phish testing to make sure that your employees are alert and aware of today’s threat landscape and how to handle it. Ultimately, your employees are your last line of defense, so it’s vital that every one of them is trained on email security and how to prevent themselves from falling victim to these scams. Contact Us today to learn how we can help secure your business.