Expert Insight On Slack Phishing Attacks Using Webhooks

AT&T Alien Labs recently conducted research into how webhooks in Slack can lead to some pretty convincing phishing attacks.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
April 17, 2020 1:16 pm

This is an interesting attack vector against Slack which is among the few popular messaging tools used in organisations. The concerning aspect about this is that people tend to lower their guard when receiving links on messaging platforms, and in particular when on mobile devices. All this combined can lead to a great increase in the likelihood of a spearphishing attack being successful. It is why employees need to be wary of phishing attacks not just from email, but all social media platforms. In addition, organisations should have threat detection and response controls in place so that in the event an employee does fall victim to a phishing attack, it can be quickly identified and remediated before becoming a widespread incident.

Last edited 2 years ago by Javvad Malik
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x