Slack Phishing
An important part of staying protected against phishing attacks is staying aware, especially in order to spot new techniques being used. During a recent CyberWire Research Saturday podcast episode, Ashley Graves described a phishing technique abusing webhooks in Slack.
Graves, a Cloud Security Researcher at AT&T Alien Labs, says this technique fools users into granting an attacker access to their Slack data. The webhook feature allows third-party apps to send messages to a specific Slack channel via a unique URL. Anyone who knows the URL is able to send messages to that channel, meaning it’s important to keep it secret. If an attacker discovers a leaked URL, they can craft a phishing message and send it directly into the Slack channel to trick users into installing a malicious app. The app can then exfiltrate workspace data. Since the message is coming from the legitimate Slack service, there are fewer visible warning signs. Instead, we need to keep educating ourselves and each other about what level of data a given service would legitimately request, so that we can spot when something seems off.
To learn more about this latest scam, and how you can continue to grow your internal instincts around avoiding such scams, visit here to listen to the full podcast episode.
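Because the webhook URL described above is the only secret protecting the channel, one defensive check is to scan repositories and configuration files for it before it leaks. The following is an added example, not code from the podcast or from this page; the URL shape is Slack's documented incoming-webhook format, and the file names and values are constructed placeholders.

```python
import re

# Slack incoming-webhook URLs have the shape
#   https://hooks.slack.com/services/T<team>/B<hook>/<secret>
# Inside JSON the slashes are often escaped as "\/", so accept both forms.
SEP = r"(?:\\?/)"
WEBHOOK_RE = re.compile(
    r"https:" + SEP + SEP + r"hooks\.slack\.com" + SEP + r"services" + SEP
    + r"(T[A-Z0-9]{8,})" + SEP + r"(B[A-Z0-9]{8,})" + SEP
    + r"([A-Za-z0-9]{20,})"
)

def redact(match):
    """Rebuild the URL with the secret segment truncated, safe for reports."""
    team, hook, secret = match.groups()
    return (f"https://hooks.slack.com/services/{team}/{hook}/"
            f"{secret[:4]}...[redacted]")

def scan_files(files):
    """Scan {name: text} and return one finding per webhook URL occurrence.

    'duplicate' is True when the same webhook was already seen elsewhere,
    which helps decide how many distinct URLs must be revoked.
    """
    findings, seen = [], set()
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in WEBHOOK_RE.finditer(line):
                key = m.groups()
                findings.append({"file": name, "line": lineno,
                                 "url": redact(m), "duplicate": key in seen})
                seen.add(key)
    return findings

# Constructed sample input: placeholder values, not real webhooks.
SAMPLE_FILES = {
    "deploy/notify.sh": "curl -X POST -d @msg.json "
        "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX\n",
    "config/alerts.json": '{\n  "slack": "https:\\/\\/hooks.slack.com\\/services'
        '\\/T00000000\\/B00000000\\/XXXXXXXXXXXXXXXXXXXXXXXX"\n}\n',
    "README.md": "The webhook URL lives in the secrets manager.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']}  {f['url']}  duplicate={f['duplicate']}")
```

Any URL this finds in a shared or public location should be revoked and reissued in Slack rather than just deleted from the file, since it may already have been copied.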
Verizon Connect
Ready to support your fleet, Verizon Connect is here to help with special offers on fleet tracking, field service management, and dash cam software.
Verizon Connect wants to help support the technology needed in order to keep drivers, vehicles, and overall business moving forward. GPS fleet tracking can track vehicle locations on a live map similar to Google Maps and Apple Maps, monitor behavior, and provide insights on how to reduce prices or costs for vehicle maintenance and fuel. Video dash cams can be integrated to record and view footage of harsh driving events, as well as to coach drivers on better behaviors with the potential to protect against false accident claims. The field service management tool includes a drag-and-drop calendar and an easy-to-use technician app in order to simplify scheduling, job management and dispatching. These software solutions, and others, offer a user-friendly interface to help stay connected on the road and in the field. They are also being offered with up to 3 months free on a trial period, with the ability to schedule a quick demo to start.
To learn more about pricing plans, and how these services can be useful to you and your business, visit here.
Fake Zoom Suspension Alerts
As many of us continue to work from home throughout the summer, our Zoom usage isn’t slowing down any time soon. Zoom, the cloud-based communication platform we’ve all come to love, is unfortunately not immune to phishing campaigns, with Microsoft 365 users as the latest target. The new scam uses Zoom notifications to warn those who work in corporate environments that their Zoom account has been suspended. The end goal is to steal Office 365 logins. The impersonated account suspension alerts have already landed in over 50,000 mailboxes, based on information provided by researchers from email security company Abnormal Security, who spotted the ongoing attacks. With the dramatic increase of remote workers using Zoom throughout the pandemic, those being targeted are more willing to trust these emails than they might normally be. To learn more about this scam, and to see an example email, visit here.