How to Use “SLAM” to Improve Phishing Detection Skills

How to Use "SLAM" to Improve Phishing Detection Skills

According to the most recent IBM Security report on the cost of data breaches, Canada is at an all-time high. The current average cost of a data breach in the country is $6.75 million per incident (the prior year, it was $6.35 million).

The main cause of data breaches, as well as ransomware and other malware attacks, is phishing. Phishing campaigns continue to get more sophisticated and harder for the average user to detect without ongoing cybersecurity awareness training.

It may seem like you’re reviewing the same things over and over again when you conduct security awareness training, but it’s important to keep reinforcing phishing detection. The more your users hone their phishing identification skills, the better your overall IT security will be.

A well-trained team that has sharp phishing detection skills can reduce a company’s risk of falling victim to a cyberattack by up to 70%

One approach you can teach your team is the SLAM method of phishing detection. 

SLAM is an acronym that reminds users of four key areas in an email to check to uncover phishing:

  • Sender 
  • Links
  • Attachments
  • Message body


The sender of an email message can be spoofed in a few different ways. One is that the sender can use a plain text name that will trick a user that is only glancing up at the email sender, but not looking at the email address.

The second way is to actually spoof a different email address than the one that the message was really sent from. So, it can look like an email is coming from a colleague, using your company’s email address format. However, the message did not originate from your company at all.

A third tactic that phishing scammers use is to enter an email address that is close to the real address, but slightly different. Such as using “[email protected].” The scammer will put “amazon” in its own address to try to get the user to ignore the “trecon” part.

Always carefully check the sender of a message to ensure there are no slight typos in the address. 

If you get an email from an address that you’re unsure about, check it before you take any action. You can ask your IT provider or do a Google search on the email address to see if any scam warnings come up.

The bottom line is that you can’t simply trust the sender’s email address, you need to verify it.


Malicious links are used more often than file attachments. Phishing links will take users to malicious sites that load malware onto their computers. They can also lead to a fake login page designed to steal a user’s login credentials.

It’s important to always hover over links without clicking on them to see the real URL. 

Using a DNS filter can also help protect users that click too fast by redirecting them to a warning page if a phishing site is detected.


While links may be used more often, file attachments are still used in plenty of phishing emails out there so it’s important to be wary of opening any email attachment. File attachments can contain all types of malware, including spyware, ransomware, a virus or trojan, and more.

Even innocent-looking file types like PDF can be weaponized to deliver malicious code.

Users should have up-to-date anti-malware on their PCs that will scan any attachments before they’re opened. Ideally, all incoming email messages should be scanned by an email filter before they are delivered to user inboxes.

Another precaution against a malicious file attachment is to disable the automatic loading of macros in Excel and Word.


The body of the message is the fourth place to look in an email for phishing. Users should be looking for any signs that the email is “off” in some way. These could be very difficult to notice.

One of these would be spelling and grammar errors. While scammers have gotten quite sophisticated, you can still spot errors in some phishing emails if you take the time.

For example, in the image above, you may not have noticed that the second sentence has a grammatical error. Instead of saying, “We confirm that your item has shipped.” The phishing email says, “We confirmation that your item has shipped.”

Graphical user interface, text

Description automatically generated

A small error, but one that is a giveaway that this is a phishing email. 

In addition to grammar and spelling errors, look for things that don’t seem quite right, such as a reference that doesn’t make sense or the use of threats of losing access to an account or other urgent warnings. Phishing scammers are trying to get users to click before they think, so they often will use the threat of something bad that will happen if you don’t take action. 

Need Help Reducing Phishing Risk?

Haxxess can help your Northern Ontario business put safeguards in place that can reduce the number of dangerous emails your users receive.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.

stay in touch

Subscribe to our newsletter and we'll keep you informed about latest IT news.