
The SLAM Method: A Simple Way to Help Your Team Spot Phishing Emails

Your practice manager opens her email at 9am on a Tuesday. There is a message that looks like it is from your document management system, asking her to verify her login. The branding looks right. The tone sounds professional. She clicks the link. That one click is all it takes to hand over her credentials to someone who should not have them.

Phishing is the starting point for most serious cyber incidents - ransomware, data theft, account takeovers. The reason it keeps working is straightforward: people are busy, emails look convincing, and checking every message carefully takes time no one feels they have. Research shows that even after security awareness training, phishing detection skills fade within six months. Staff forget what they learned, and the risk creeps back up.

That is the core problem with one-off training. Without a simple habit to fall back on, people default to trusting what lands in their inbox. And scammers are getting better at this, using AI to personalise attacks and make fake emails harder to distinguish from real ones. For a healthcare practice or legal firm handling sensitive client information, a single successful phishing attempt can trigger obligations under the NZ Privacy Act 2020 - including notifying affected individuals and the Office of the Privacy Commissioner at privacy.org.nz.

A practical tool that helps with memory retention is the SLAM method. SLAM stands for Sender, Links, Attachments, Message - the four things worth checking before trusting any email that asks you to do something. Check who actually sent it, not just the display name. Hover over any links before clicking to see where they actually go. Never open a file attachment you were not expecting, regardless of the file type. And read the message text properly - phishing emails often contain small grammar errors or slightly odd phrasing that give them away if you slow down for a moment.

When this becomes a habit rather than a checklist, it changes how your team handles email. Suspicious messages get flagged rather than acted on. Staff feel confident enough to question something before clicking. The damage from a credential theft or a malware-loaded attachment is avoided because someone paused for ten seconds. That pause is worth a lot when you consider what a breach costs to clean up, both financially and in client trust.

SLAM is a useful habit, but it works best alongside technical controls - email filtering, multi-factor authentication, and software that scans attachments automatically. Staff awareness and good security tooling need to work together. Neither is enough on its own. If you want to understand how well your current setup covers both, ITstuffed's approach to cyber security for NZ businesses covers what good looks like in practice.
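An added example, not ITstuffed's own code: a small Python first pass of the kind an email filter could run, automating the Sender, Links and Attachments checks on a constructed message and leaving the Message read to a person. The sample email, its domains and the `slam_flags` and `LinkCollector` names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample; every name, domain and address in it is made up.
SAMPLE = '''From: "DocVault Support" <support@docvault-login.example.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify at <a href="http://203.0.113.7/verify">https://docvault.example.com/login</a></p>
--b1
Content-Disposition: attachment; filename="statement.pdf"

placeholder
--b1--'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def slam_flags(raw, trusted_domains):  # hypothetical helper name
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in trusted_domains:  # Sender: real address, not display name
        flags.append(f"sender: unrecognised domain {domain}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":  # Links: shown URL vs real target
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                shown, real = urlparse(text).hostname, urlparse(href).hostname
                if shown and shown != real:
                    flags.append(f"link: shows {shown}, goes to {real}")
        if part.get_filename():  # Attachments: surface every file for a person to judge
            flags.append(f"attachment: {part.get_filename()}")
    return flags
```

Calling `slam_flags(SAMPLE, {"docvault.example.com"})` returns one flag for each of the three checks; a message from a trusted domain whose link text matches its destination returns an empty list.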

ITstuffed works with professional services businesses in Canterbury. If you want a quick read on where your IT security actually stands, book a free 15-minute IT Fit Check at itstuffed.co.nz/booking.
