IM phishing with Slack

Slack Connect has made phishing using the Slack platform far more viable. It’s now possible for one Slack tenant to message other Slack tenants by default. The target user gets a notification by email and in Slack itself, and if they accept, the conversation becomes a direct message channel.

There are some restrictions: full previews for images and links will not load in these Slack Connect messages, but for most target users the DM will appear the same as (or very similar to) the DMs they receive from colleagues.

An adversary can also edit their message after a successful attack to remove evidence of the original malicious link.
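
For defenders, the edit described above leaves a trace: Slack's `message_changed` events carry both the edited message and its `previous_message`. The following added example (not part of the original page) flags edits by senders outside the home workspace that remove a link. The workspace ID, the sample events, and the use of the message's `team` field to identify the sender's workspace are assumptions.

```python
import re

# Slack wraps links in message text as <https://host/path> or <https://host/path|label>.
SLACK_LINK = re.compile(r"<(https?://[^|>\s]+)(?:\|[^>]*)?>")


def links(text):
    """Return the set of URLs found in Slack-formatted message text."""
    return set(SLACK_LINK.findall(text or ""))


def removed_links(event, home_team):
    """Return URLs that a non-home sender edited out of a message (empty set if none)."""
    if event.get("type") != "message" or event.get("subtype") != "message_changed":
        return set()
    new = event.get("message", {})
    old = event.get("previous_message", {})
    # Assumption: "team" on the message is the sender's workspace ID.
    # A missing "team" is treated as external so the edit is still reviewed.
    if new.get("team") == home_team:
        return set()
    return links(old.get("text")) - links(new.get("text"))


def scan(events, home_team):
    """Return (channel, user, removed URLs) for every edit that dropped a link."""
    findings = []
    for ev in events:
        gone = removed_links(ev, home_team)
        if gone:
            findings.append((ev.get("channel"), ev["message"].get("user"), sorted(gone)))
    return findings


# Constructed sample events; all IDs and URLs are made up for illustration.
HOME_TEAM = "T0HOME"
SAMPLE_EVENTS = [
    {"type": "message", "subtype": "message_changed", "channel": "D0AAA",
     "message": {"user": "U0EXT1", "team": "T0EXT", "text": "Please review the doc"},
     "previous_message": {"text": "Please review <https://login.example.test/doc|the doc>"}},
    {"type": "message", "subtype": "message_changed", "channel": "D0BBB",
     "message": {"user": "U0INT1", "team": "T0HOME", "text": "wrong link, sorry"},
     "previous_message": {"text": "see <https://wiki.example.test/page>"}},
    {"type": "message", "subtype": "message_changed", "channel": "D0CCC",
     "message": {"user": "U0EXT2", "team": "T0EXT", "text": "Agenda: <https://a.example.test/x>"},
     "previous_message": {"text": "Agenda <https://a.example.test/x>"}},
    {"type": "message", "channel": "D0AAA", "user": "U0EXT1", "text": "hello"},
]
```

The removed URLs are the ones to pull into triage, since they no longer appear in the visible conversation.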
