Slack, the communication and collaboration platform, has been gaining attention lately as a potential phishing platform and it has been targeted by malicious actors. Mainly bad actors have been developing various methods to phish users within the platform itself – with concerns ranging from DMs to Slackbot reminders and public Slack channels or workspaces.
In a blog, Eric Howes from KnowBe4 said, “Much of that ongoing discussion is focused on the use of publicly leaked Webhooks to inject malicious messages into Slack channels. And, unsurprisingly, we already have reports of this method being used in Slack workspaces, esp. those with with public channels devoted to crypto-currency-related topics and discussions.”
He continued: “One reported scheme, for example, involves using Slack’s “referral URL” domain, slack-redir.net, to launder malicious links, allowing them to sail past multiple layers of security given that Slack domains will generally be trusted.”
He noted that hackers increasingly target free to use platforms, particularly in this period of extended remote working.
