How to Use the SLAM Approach to Improve Phishing Detection Skills


Phishing just never seems to go away and remains the most dangerous threat to company networks. Phishing relies on the ability of the message to trick the user, and this is unfortunately easily done in many cases. Employees continue to fall for phishing emails for several reasons, including:

  • Phishing continues to get harder to spot
  • Phishing often spoofs email addresses, and a person might recognize
  • Lack of proper phishing awareness training
  • Employees react to emotional triggers in phishing emails and click before they think

In just the second quarter of 2021, phishing attacks rose 281% in May and another 284% in June. Without a multi-faceted IT security strategy in place, which includes ongoing employee awareness training, it’s only a matter of time before a company falls victim to an attack.

One of the challenges of training employees on phishing awareness is that they can easily forget all the different things they need to do to check whether or not an email is legitimate. Using the SLAM approach can help because it gives users an easy-to-remember acronym for all the places they need to check an email to see if it’s a fake. SLAM stands for the four main places to look for phishing:

  • Sender
  • Links
  • Attachments
  • Message

We’ll go through each in detail below. Feel free to share this with your team to help them sharpen their phishing detection skills!

Check These Areas of a Message to See if It’s Phishing 


The person you see listed as the sender of a message might be a fake. It’s important to thoroughly check the email address for anything strange, like a character that is one off from a well-known domain. Additionally, look to see if you know or recognize the sender, and if not, look up the email address online to double-check. In the example below, we’ll show a very clever phishing email that uses a copycat email address that seems to be from Bank of America. But you’ll see that a quick email search instantly reveals the address to be a scam. Additionally, it’s important to check the source code of the message header in your email program. This can reveal if the email was sent from a completely different address than is shown as the sender.
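The two sender checks described above (a domain one character off from a known one, and a header that shows a different sending address) can be automated. The following is an added example, not part of the original article; the `KNOWN_DOMAINS` list, the sample message and all addresses in it are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organisation really deals with (hypothetical list).
KNOWN_DOMAINS = {"examplebank.example", "google.com"}

# Constructed sample message, not taken from a real campaign.
RAW = """\
Return-Path: <bounce@mailer.invalid>
From: Example Bank Alerts <alerts@examplebamk.example>
Reply-To: support@examplebamk.example
To: user@corp.example
Subject: Action required

Please review your account.
"""

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_sender(raw):
    """Return a list of findings for the Sender step of SLAM."""
    msg = message_from_string(raw)
    shown = domain_of(msg["From"])
    findings = []
    if shown not in KNOWN_DOMAINS:
        for good in sorted(KNOWN_DOMAINS):
            if edit_distance(shown, good) == 1:
                findings.append(f"lookalike: {shown} is one character off {good}")
    envelope = domain_of(msg["Return-Path"])
    if envelope and envelope != shown:
        findings.append(f"mismatch: shown as {shown}, sent via {envelope}")
    return findings
```

Legitimate bulk senders often use a separate bounce domain in `Return-Path`, so treat the mismatch finding as a reason to look closer rather than as proof of phishing.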

A few years back, phishing scammers largely switched to using links in their emails because they get past many types of antivirus software more easily than file attachments. Users also tend to trust links more than attachments. However, even innocent-looking links can lead to malicious sites that spoof websites and look legitimate.

For example, you may receive a phishing email that looks like it’s from a colleague sharing a Google Drive file. The link to a PDF looks safe enough, but when you click it, that PDF actually has redirect code added and it lands you on a phishing site asking you to sign in with your Google ID. It’s important to always hover over links without clicking to see the real URL behind the text or an image presented in the message. It’s also a good habit to go to a site directly rather than through a link in an email to ensure you’re not being led to a phishing site.


While links may be used in a majority of phishing emails, there are still many out there that include malicious file attachments. A majority of people are wary of strange file types like .tar or .exe but may not be as suspicious of a Word document or PDF. No matter what type of file is attached to an email, it could contain malicious code that’s just waiting to be unleashed once you click to open the file. Some of the safeguards you should have in place to guard against phishing attachments are:

  • Never open an attachment from an unknown sender
  • Use a reliable email filtering or anti-malware program to scan file attachments automatically
  • Don’t default to trusting attachments of any file type


While phishing emails have become much more sophisticated over the years, they can still contain mistakes that are giveaways that they’re fake. This could be a typo, grammatical error, or something that seems “off,” such as an old year in the copyright notice of a signature. Remember the image we showed above as an example of hovering over phishing links? Other than the strange URL, did you spot the other giveaway that the message was a scam? Take a close look at the second sentence. The email uses the term “We confirmation that your item has shipped” instead of “We confirm.” That’s a mistake that is easy to miss if you’re not carefully reading the message text. One other mistake that is not quite as obvious is that the message says, “Your order details are available on the link below” instead of “at the link below.”

Improve Your Phishing Defenses With Training & Protective Solutions

You need a combination of both ongoing awareness training and protections like DNS and email filtering to combat phishing. Copperband Technologies can help your southern Kentucky or Middle Tennessee business with both. Contact us today to schedule a consultation! Call 931.263.8000 or reach us online.