A Phisher’s Guide to Slack

Unlike phishing via email, IM apps and the messages within them are typically more trusted by employees, making social engineering via Slack a juicy target.

In this guide on external phishing attacks via Slack, we'll show red teamers and pentesters how to get initial access as the first step in the attack kill chain. Once you've got a foothold on Slack, we'll show you:

New attack possibilities that help you gain and maintain persistence

How to conduct more advanced social engineering attacks to move laterally

Link-spoofing techniques that can make phishing links much harder to spot

How malicious Slack messages can be modified later to replace the phishing link, covering your tracks