What is the SLAM Method? Identify Phishing Emails with SLAM Method

Written by Mitchell Langley

February 16, 2024

What is the SLAM Method? Identify Phishing Emails with SLAM Method

SLAM method stands for: Stop, Look, Ask, and Manage. The method is four step framework that involves double-checking the Sender, Link, Attachment, and Message.

What is the SLAM Method?

The SLAM method provides a simple and effective framework for identifying phishing emails through careful inspection and verification of key details. As phishing attacks continue to rise in frequency and sophistication, following the SLAM approach is an important line of defense for both organizations and individuals against the threat of data breaches.

SLAM Method Meaning 

The acronym SLAM stands for Stop, Look, Ask, and Manage – each step guiding the user through a process when receiving an unfamiliar or potentially fraudulent email.

STOP Before Action!

The first “S” emphasizes the importance of stopping before taking any actions like clicking links or opening attachments. Too often users are impatient and fail to scrutinize emails properly. By pausing to systematically analyze the details, many phishing attempts can be spotted.

LOOK Closely for Red Flags

When stopping to look, the “L” instructs users to examine the sender address closely. Cyber criminals often spoof legitimate domains to trick recipients, so users must hover over sender addresses to check for misspellings or unusual domains that could indicate spoofing. Additionally, the email body should be inspected for any suspicious requests for sensitive information or login credentials through a provided link. Phishing emails frequently use a sense of urgency or fake technical issues to manipulate recipients.

ASK The Experts

If unsure after carefully looking at an email, the “A” advises users to ask a trusted source like the IT department for a second opinion before proceeding. When in doubt about an email’s authenticity, never open attachments or click links, as these are common routes for installing malware. Consulting technical experts helps validate emails and avoid risky actions.

MANAGE According to Best Practices

The M in the slam methods stands for “Management”. This point emphasizes the importance of proper email management. Any phishing attempts identified through the SLAM process must then be reported to IT and deleted from the user’s inbox and devices. Not only does this help limit damage from the initial email, but also allows security teams to monitor phishing trends and block similar trickery in the future.

SLAM Method in Action

Here is a sample case example of the SLAM method:


SLAM Method in Action

John receives an email from his bank while busy at work. Instead of opening it immediately, he stops and pauses to carefully inspect the message first.


What is the SLAM Method? Identify Phishing Emails with SLAM Method

When John looks and hovers over the sender address in the email, he notices it says bankofameriaca.com instead of his actual bank’s domain. This flags it as potentially fake.


What is the SLAM Method? Identify Phishing Emails with SLAM Method

Unsure if the email is legitimate, John forwards it to his company’s IT help desk and asks for verification. They confirm it is fraudulent after checking the dodgy domain name.


What is the SLAM Method? Identify Phishing Emails with SLAM Method

With the phishing attempt now identified, John manages and deletes the email from his inbox without clicking any links inside it. He also files a report with IT so they are aware of the spoofing attempt.


When consistently applied by users throughout an organization, the straightforward SLAM methodology makes it significantly harder for phishing schemes to succeed.

Combined with preventative technical controls and ongoing user training, following this strategic email screening protocol strengthens defenses against growing cyber threats and supports compliance with regulations around data protection.

For more on phishing attacks, read our guide on phishing and spear phishing!

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!