The year 2021 brought numerous data breaches, costly ransomware attacks, and an ever-growing, complex set of threats. Cybercriminals have taken their tactics to an entirely new level.
About 90% of data breaches can be attributed to phishing attacks, according to Cisco's 2021 Cybersecurity Threat Trends report, and 65% of phishing emails are spear-phishing scams. A separate study also revealed that employees receive an average of 14 malicious emails per year.
For healthcare organizations, one of the biggest concerns is how to spot phishing emails and guard against data breaches. Fortunately, medical providers can use a simple method to spot phishing emails and verify an email’s legitimacy: the SLAM method.
The SLAM method is a technique used to identify phishing emails. The acronym stands for sender, link, attachment, and message.
The sender is the person who sent the email. If the email isn’t from someone in your contact list, there's a chance it might be a phishing email.
Email addresses should be checked carefully. Attackers often mimic legitimate email addresses, altering a few details so that the fake still looks genuine. A suspicious address may contain spelling errors, extra letters or numbers, or come from a generic domain.
Reputable companies typically send emails with their company name in the domain address (e.g., info@ertech.io, support@crowdstrike.com, support@fb.com, support@microsoft.com).
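The sender checks described above (lookalike spelling, extra characters, generic webmail domains, a brand in the display name that does not match the address) can be automated for a mail gateway or a help-desk triage script. This is an added example, not code from ER Tech Pros; the allow-list and webmail list are constructed for illustration and would come from your IT team in practice.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the clinic legitimately corresponds with.
KNOWN_DOMAINS = {"ertech.io", "crowdstrike.com", "fb.com", "microsoft.com"}
# Constructed list of free webmail domains a vendor would not use for support mail.
GENERIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many characters were added, dropped or swapped."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list:
    """Return SLAM 'sender' warnings for one From: header; an empty list means no red flag."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    # Keep only the registered domain so "mail.microsoft.com" matches "microsoft.com".
    base = ".".join(domain.split(".")[-2:])
    if base in KNOWN_DOMAINS:
        return []
    warnings = []
    if base in GENERIC_DOMAINS:
        warnings.append(f"generic webmail domain: {domain}")
    # Lookalike: one or two characters changed relative to a domain we trust.
    for known in sorted(KNOWN_DOMAINS):
        if 0 < edit_distance(base, known) <= 2:
            warnings.append(f"lookalike of {known}: {domain}")
    # Display name claims a trusted brand, but the address is not from that brand's domain.
    for known in sorted(KNOWN_DOMAINS):
        brand = known.split(".")[0]
        if brand in display.lower():
            warnings.append(f"display name mentions {brand} but address is {domain}")
            break
    if not warnings:
        warnings.append(f"unknown domain: {domain}")
    return warnings
```

The From: header can itself be forged, so this automates the visual check the text describes and complements, rather than replaces, mail-server authentication.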
Links in phishing emails encourage recipients to click so that scammers can obtain sensitive data, such as protected health information (PHI). Such links are used in many ways.
Check out the following scenario:
To avoid being scammed, you should always be cautious when clicking links in emails, regardless of who sent them. If you’re not sure about the sender, exercise due diligence before you click any links from unknown sources.
Attachments are another indicator of phishing emails.
Attackers often use malicious attachments which, once downloaded onto a recipient's computer, give the attacker access to that computer and to other devices connected to the same network.
It's not a good idea to open unsolicited email attachments even if the sender is a trusted source. Whenever you receive an email attachment that you weren't expecting, you should contact the sender via phone or chat to verify its authenticity.
Lastly, the message in the email could be another clue as to whether or not an email is phishing.
Many phishing emails have evolved to mimic trusted entities, but some email messages themselves are easily detectable as fakes. If there’s odd language, misspellings, or poor grammar in the message, there’s a chance that it could be a scam.
Fraudsters keep using this crude approach simply because it has worked on many victims before.
The SLAM method is a useful guide in identifying phishing emails, but you should also know how to act when you actually receive one.
If you think you received a phishing email, don't do anything with it just yet. Instead, reach out to your IT team as soon as possible. They can help you confirm whether the email is legitimate.
Following that, they can take steps to protect your business from current and future threats.
Message attachments might contain malware. If you're not expecting an attachment from the sender, don't download it. You can delete it immediately after reporting it to your IT or cybersecurity personnel.
It's generally safe to open an email straight away. This practice was considered unsafe in the past since emails could contain scripts. Nowadays, scripting is no longer supported in modern email clients. Most won't even show images when they're from an unknown sender.
Phishing emails are designed to look like they come from a legitimate company or someone you know. They usually have an urgent request and ask you to click links in the email body.
Phishing messages can contain links that lead you to harmful websites. You may be asked to enter your password, credit card information, or other personal data. This data can then be used by cybercriminals for identity theft or other malicious purposes.
Ignore any requests from the sender and don’t call any numbers listed in the message.
The email might ask for your personal information, which scammers will then use to steal your identity and make fraudulent transactions at your expense.
It’s a good practice not to reply to emails from companies that you don’t know. Take extra caution against emails asking for personal information or payment transfers.
Is it important to change your email account’s password when you receive phishing emails?
It may not be necessary to change your password if you only receive phishing emails once in a while. But if you receive phishing emails regularly, it’s time to change your password. By doing so, you prevent fraudsters from gaining access to your email account, should they attempt to do so.
Despite the differences between phishing and hacking, the cybercriminal's goal remains the same: to steal your data. If they don’t succeed in phishing you, the next step may be to hack your account.
It’s also a good practice to change your email password every month or as recommended by your IT team. Always vary capitalization, use numbers, and use special characters when creating new passwords.
When a phishing email claims to be from a particular company, it is often best to report it directly to that company. Amazon, for instance, has a dedicated email address and web form for reporting both phone and email phishing.
Most companies and government agencies offer ways to report phishing, especially those that deal with financial or medical issues.
The Federal Trade Commission (FTC) is the primary US agency in charge of receiving scam reports. You can contact the FTC online or by phone at 1-877-382-4357.
If you're not sure how to proceed, coordinate with your cybersecurity experts.
As the first line of defense, your clinic staff needs to be familiar with the phishing attack vectors that cybercriminals are using. To achieve this, your medical practice needs to provide comprehensive cybersecurity training.
Creating internal simulations of phishing scams is a good strategy to help users avoid falling victim to phishing attacks. Through simulated phishing campaigns, clinic staff members are exposed to real-life examples of phishing attacks so they can better spot phishing emails.
Training medical workers about the threat of phishing scams is vital, but organizations must also implement technical controls to secure their networks.
Among these controls are email security techniques such as email filtering, spear-phishing protection, zero-day attack detection, sandboxing of malicious emails, machine learning models, and browser isolation.
Every medical professional knows the importance of keeping their data safe. But with phishing scams on every corner, it's hard to stay vigilant.
As healthcare becomes more digitized, it becomes increasingly vulnerable to online attacks. Phishing scams and other cyber attacks are becoming more common, and they can destroy the practice you worked so hard to build.
ER Tech Pros offers 24/7 managed services specially designed for healthcare organizations. We safeguard your medical practice's network by continuously monitoring it for vulnerabilities, malware, and other threats.
If you need some help with anything we've discussed in this article, please get in touch with one of our cybersecurity experts and take advantage of our free assessment.