Using the SLAM Method to Recognize Spam
We recently released a video all about identifying malicious emails using the SLAM method – Sender, Links, Attachments, and Message. For an overview, it does pretty well, but we also wanted to go more in-depth on each piece of the SLAM method and what you should look out for.
One of the biggest elements of any scam is urgency. The goal of any scammer is to get you to respond quickly, without enough time to think through the problem or to consult someone else. With any intense situation, it’s easy to get caught up in the rush of everything happening, but it’s very important to take a breath and try to remain calm. Think through the situation, and if you’re ever not sure, ask someone else for help.
With that said, let’s get into the SLAM method!
S – Sender
Scammers often use what’s known as “Email Spoofing” to make it seem like someone else sent the email you received. The way it works is pretty simple, because email hasn’t changed all that much since the days of “You’ve Got Mail!”. Think of email like a mailbox that you’re sending letters through. They slip some code in that basically erases the return address and makes it seem like it came from somewhere totally different. That means that they can make it seem like the email is coming from your own email address! This can make it tough to see through a scam email. (And that’s why we need all four parts of the SLAM method!)
Of course, that isn’t the only thing that scammers do to trick you with email addresses. They can also compromise email addresses through phishing attacks and use those legitimate email addresses to send malicious emails. They will usually change the display name of the email address to make it look like the email is coming from “Microsoft Support” or “Sweepstakes Winner”, but if you check out the actual “from” email address, it’s from a completely different email. Have you ever gotten a phone call from someone wondering why you just called them? The same thing happens with phones—scammers spoof real phone numbers to make it seem like they’re calling from a local number when they aren’t! So, if you get a malicious email from a strange source, don’t reply to it. It could be an innocent person!
You may also see emails that aren’t spoofed, but certainly aren’t legitimate. I get a lot of spam emails with addresses that are just a string of numbers and letters. There are many “temporary email” services that make strange addresses like that. If you see one of those, chances are that the email isn’t legitimate.
So, what do you do if the email address, the Sender, sets off alarm bells? Often, you can simply disregard the email. Report it as spam to your email provider, or phishing if appropriate. But if you aren’t sure whether to trust the Sender, you can use the rest of the SLAM method to double check.
L – Links
I don’t know about you, but I get a lot of emails with links in them. It’s so easy to just click on them without thinking. And while most modern email providers and web browsers will protect you a bit, it’s best to be sure before you click on anything!
One of the best ways to check links is by hovering over them. Some companies have link verification in place, so it will reroute your link through a secondary server, but if you don’t have that, then you should be able to see where that link is going. When you hover over the link, does it look like it will take you where you expect to go? If not, don’t click on that link!
This is a big reason that many companies will include a full-length link that you can copy and paste into your browser instead. You can see that the link goes to where you expect, instead of having to trust a hyperlink. If this is an option, I highly recommend checking it out to make sure that link leads where you think it should!
Why should you avoid suspicious links, anyway? A lot of shady business can happen when you click on any link. You may be redirected to the correct site through a secondary site that grabs information from your computer or browser just because it touched the page. They may also send you to a page that is built to look like the page you were expecting, but it is malicious. This is how most phishing attacks work—you type your login information into a page that looks real, and now the hacker has your username and password! That could compromise a lot of things very quickly.
Stay safe out there, and only click links from trusted sources!
A – Attachments
This one can be the scariest of all. Email is one of the easiest ways to send files between people and can be really convenient. But it can also be really dangerous. This year alone, there has been a new exploit using OneNote and even a prominent tech YouTuber whose channel was hacked and deleted just because one of his staff members downloaded and opened a PDF file!
The first thing to think about when you receive an email attachment is, Did I expect to get this attachment? If you weren’t expecting something, it’s safest to leave the attachments alone. Many times, they can reiterate the information attached to an email in the body of the email, and if it can’t, that might be a scam!
What kind of damage can be done if you download an attachment from a malicious actor? First, the attachment could be a virus or other malware in disguise. That could give the hacker access right away! There could also be embedded code that downloads the malware. The attachment could also be a phishing attempt, capturing data from your device or input from you to compromise your accounts. From there, they can access data they shouldn’t be able to, and could even use your compromised accounts to scam others.
The best way to avoid this vector of attack is not downloading any attachments that you weren’t expecting. Even if you know the sender, their account might be compromised! You can’t always trust the sender after all—but that’s a whole other part of the SLAM method.
M – Message
The Message of the email is arguably the most important tool for you to figure out whether an email is malicious. There are a lot of things to look out for, and attackers are constantly changing their tactics, so this isn’t a list, so much as guidelines—what to look out for, and how to spot the bad stuff.
Without a doubt, the thing to look for first and foremost is the grammar and spelling of the email. As scammers start to use AI more to write things for them, this might get a little trickier, but for now if you look over the email and notice spelling and grammar mistakes, especially in ones claiming to be from big companies (think Microsoft and PayPal), then chances are good that it’s fake. Many malicious emails come out of countries where English isn’t a first language for people, and they say things a little differently than a native speaker would. Even when their English is excellent, they might choose different words than a native speaker would, just because of the difference in dialect. Read the email through more than once to make sure that the flow makes sense.
Another part of the message to look for is how the email is addressed. If you are receiving an email from a company that you have an account with, then they should (and most of the time will) address it to the person who owns the account. They won’t say “User” or give a generic opening. Of course, they can grab your name from the display name on your email address, so that’s not a guarantee (but it makes for some funny attempts if you aren’t using your real name).
Make sure that there is verbiage at the bottom of the email from the company that it claims to be. This is, of course, easily copied from an actual email from the company, so also not a guarantee. As mentioned in the Links section above, the links in that footer should also go back to the company in the email. If they don’t, that’s awfully shady!
You should also keep an eye out for the use of urgency in the messaging. Telling you that something bad will happen to your account in the next 24 hours if you don’t click on something, or threatening legal action if you don’t send them information or money. Always be wary of “urgent” requests.
With any of these steps, there is room for doubt and changing tactics. If you aren’t sure if something is a scam, you can always reach out to your company’s IT department, or to a trusted friend or coworker. Scams and other malicious emails can be hard to spot sometimes, and it’s a lot better to ask for help than end up with a compromised device or sending money to someone you don’t mean to.
The goals of malicious attacks vary, but they have one thing in common. In order to work, someone has to fall for it. Your job as a user is to keep them from getting their foot in the door or your data, device, or finances.
I hope this article helped you understand the SLAM method and how it can help you spot malicious emails! If you have questions, contact us!