One reported scheme, for example, involves using Slack's "referral URL" domain,, to launder malicious links, allowing them to sail past multiple layers of security given that Slack domains will generally be trusted. Slack can be used for phishing users outside of Slack, though. those with with public channels devoted to crypto-currency-related topics and discussions. And, unsurprisingly, we already have reports of this method being used in Slack workspaces, esp. Much of that ongoing discussion is focused on the use of publicly leaked Webhooks to inject malicious messages into Slack channels. Most of this attention has settled on various methods to phish users within Slack itself, and the concerns range from DMs to Slackbot reminders and public Slack channels or workspaces. Slack, the ubiquitous communication and collaboration platform, has been getting more and more attention over the past few months as a potential phishing platform and target for malicious actors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |