Fighting the phish: Best practices for spotting and avoiding phishing messages

There are three main categories that phishing messages fall into: email, text message and phone calls. Let’s break down these three categories to learn more:
Perhaps the most common method of phishing is done through email. We’ve all received these messages at work and on our personal accounts. Although IT has tools in place to help limit these messages coming through, there are those that do reach their target, us. This is why we must be diligent in watching for phishing emails.
We teach the SLAM method for spotting these malicious messages. SLAM stand for: Sender, Links, Attachments and Message. These four areas should be carefully inspected before acting on any unsolicited email.
Text message
Text message phishing scams are becoming more common. There may be fewer security controls to filter out these malicious text messages from scammers on our phones. In addition, scammers can pick random phone number combinations and usually have success, or they may find phone numbers available after breached data is posted on the Dark Web.
The SLAM method can also be applied to these messages as well, but be cautious with links and text messages, as they can’t be hovered over to view where they are directing you. If the text claims to be a company you use or do business with, try going to their website directly rather than clicking on any links provided.
Phone calls
Phone call phishing scams, also referred to as vishing, is another constant threat.
Although they lack the links or malicious attachments, scammers can use these phone calls to trick their victims into sending them money. Providing sensitive personal or company data, or convincing them to install ransomware on their own machine. Listen for prize offers, deals that seem too good to be true and threats or consequences for failing to act quickly. You should be exceptionally cautious with phone calls you did not initiate. When in doubt, just hang up.
Make sure you take phishing and its various forms seriously. And if you do spot a phishing message that has a chance of affecting others around you at work, report it to your supervisor and IT so everyone can be prepared.