An important part of staying protected against phishing attacks is staying aware, especially of new techniques as they emerge. During a recent CyberWire Research Saturday podcast episode, Ashley Graves described a phishing technique that abuses webhooks in Slack.
Graves, a Cloud Security Researcher at AT&T Alien Labs, says the technique fools users into granting an attacker access to their Slack data. The webhook feature allows third-party apps to send messages to a specific Slack channel via a unique URL. Anyone who knows the URL can send messages to that channel, so it is important to keep it secret. If an attacker discovers a leaked URL, they can craft a phishing message and send it directly into the Slack channel to trick users into installing a malicious app. The app can then exfiltrate workspace data. Since the message comes from the legitimate Slack service, there are fewer visible warning signs. Instead, we need to keep educating ourselves and each other about what level of data each service would legitimately request, so that we can spot when something seems off.
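Because anyone holding the URL can post to the channel, one practical control is to check your own files for hard-coded webhook URLs before they are committed or shared. The sketch below is an added example, not code from the podcast or from Slack; it assumes the `https://hooks.slack.com/services/T…/B…/…` URL shape, and the file names and sample contents are constructed.

```python
import re
from typing import Dict, List, NamedTuple

# Assumed URL shape for Slack incoming webhooks: workspace id (T...),
# webhook id (B...), then the secret token that authorises posting.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)"
)


class Finding(NamedTuple):
    path: str
    line_no: int
    redacted_url: str


def redact(match: "re.Match[str]") -> str:
    """Keep the ids so the owner can identify the hook, mask the token."""
    team, hook, token = match.groups()
    return f"https://hooks.slack.com/services/{team}/{hook}/{'*' * len(token)}"


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Return one finding per webhook URL hard-coded in the given file contents."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in WEBHOOK_RE.finditer(line):
                findings.append(Finding(path, line_no, redact(match)))
    return findings


# Constructed sample input: a placeholder token, not a real webhook.
FAKE_TOKEN = "X" * 24
SAMPLE_FILES = {
    "deploy/notify.sh": (
        "#!/bin/sh\n"
        'curl -s -X POST -d "$1" '
        f"https://hooks.slack.com/services/T00000000/B00000000/{FAKE_TOKEN}\n"
    ),
    # Safe pattern: the URL is injected from the environment at run time.
    "config/app.yaml": "slack_webhook: ${SLACK_WEBHOOK_URL}\n",
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line_no}: hard-coded Slack webhook {f.redacted_url}")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the commit
```

The findings mask the token so that the scanner's own output does not become a second place where the URL leaks.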
To learn more about this latest scam, and how you can continue to sharpen your instincts for avoiding such scams, listen to the full podcast episode.