Get Better at Catching Phishing Emails Using SLAM

Phishing emails remain one of those persistent cybersecurity problems that never go away and continue to get worse. Phishing is responsible for a large majority of malware infections and data breaches, and it only gets more sophisticated, with scammers using automation and personalization.

This attack method continues to run rampant, with a surge of 281% in May of 2021, and a spike of 284% just a month later, in June.

While having the right email security and antivirus tools can help you reduce the damage of a phishing attack, the best line of defense is your users. After all, they’re the ones that are being targeted.

Employee security awareness training that helps employees detect phishing and avoid falling for malicious emails can significantly reduce your risk of becoming a victim of a cyberattack. Many companies do some form of training or at least provide tip sheets to employees. However, if training isn’t ongoing or done in a way to aid retention, users can quickly forget how to detect phishing amid a busy day.

One method that helps your employees remember how to check an email for phishing and provides a “brain break” to detach from an urge to take action on a message is SLAM.

SLAM stands for:

  • Sender
  • Links
  • Attachments
  • Message

These are the four key areas of an email that need to be checked thoroughly to detect a phishing scam.

Using SLAM helps your employees strengthen their phishing identification skills in these ways:

  • It forces employees to stop and check 4 different message areas, which keeps them from clicking before they think.
  • The acronym is easy to remember.
  • It covers the key areas where they can find clues that a message is not real.

Here’s How to Use SLAM in Your Security Awareness Training

Share the information below to help your employees know what they need to check in a message to determine whether it’s real or fake.


Sender

You can’t always trust the name you see as the sender of a message. It’s important to look at the full email address carefully to see if there are any anomalies.

For example, does the domain look correct, or does it have an extra unexplained word in it? Scammers often use subdomains to mask the fact that the email address is fake.

This example of a clever phishing email looks to be from Bank of America, but it’s not. The sender’s address is “” They use “bankofamerica” in the domain to fool the user into overlooking the “emcom” part.

But a quick Google search on that email address reveals it to be a fake.

Don’t take email addresses for granted. Search them online if they look suspicious or if you don’t know the sender.

It’s also a best practice to review the source code of the message to check whether a different email address is listed as the originator, which could indicate phishing.
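The sender checks described above can be scripted for a mail triage queue. The following is an added example, not part of the original article: the message, the domains and the finding labels are constructed, and it assumes the brand label is the first label of the trusted domain. A differing Return-Path is common for legitimate bulk mail, so treat each finding as a signal to look closer, not a verdict.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.invalid>
From: "Example Bank Alerts" <security@examplebank.example.account-notice.test>
Reply-To: help@collect.invalid
To: user@corp.example
Subject: Action required

Please verify your account.
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw, trusted_domain):
    """List sender anomalies in a raw message claiming to be from trusted_domain."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    brand = trusted_domain.split(".")[0]  # assumption: first label is the brand
    trusted = from_dom == trusted_domain or from_dom.endswith("." + trusted_domain)
    findings = []
    # Brand appears in the domain, but the domain is not the brand's (subdomain trick).
    if not trusted and brand in from_dom:
        findings.append("lookalike-domain")
    # Display name claims the brand while the address belongs to someone else.
    if not trusted and brand in display.lower().replace(" ", ""):
        findings.append("display-name-mismatch")
    # Originator headers in the message source that point somewhere else.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            findings.append(f"{header.lower()}-differs")
    return findings
```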


Links

Hyperlinks have been weaponized, and they’re used often in phishing emails because users tend to trust them more than attachments. Links also can get by a lot of antivirus programs because they are technically not a virus. They are just linking to a page that may contain one or that may go to a fake login form.

Hover over links in an email before clicking on them to see the real URL. Often that can instantly reveal a fake.

You should also avoid links when you can and get in the habit of going to websites directly. For example, instead of clicking a link in a shipment tracking email, go to the carrier’s site by typing the name in your browser and putting in the tracking number. 


Attachments

File attachments have gotten more sophisticated in an attempt to trick users. It used to be that you could trust something like a PDF, but no more. Even PDFs can be made to release malware. Word documents can also contain macros that infect your device with malware.

Do not trust or open any attachment from an unknown sender. Always have attachments scanned for malicious code by an antivirus/anti-malware program before they are opened.


Message

The fourth area of an email to check to detect phishing is the message text. It’s easy to skim by small grammar errors, typos, and capitalization mistakes, but these can be giveaways that an email spoofing a big company is actually a fake.

For example, in the spoofed AT&T email that we posted above, there is a very slight capitalization error, but one that is a clue that this did not come from a large company like AT&T.

If you look at the sentence above from the email, you’ll see that “And” is incorrectly capitalized. That entire sentence also looks a little “off” when you read it “quick And very easy support.”

Be aware of any of these slight errors, because they can be the clue you need to identify an email as a fake. 

Get Help With Employee Training & Email Phishing Defense 

GEEK911 can help your Silicon Valley area business put a two-pronged approach in place to improve your email platform’s defense against phishing and train your employees on detection.

Schedule a consultation by calling 1-866-433-5411 or reach us online.
