In business today we use software in almost everything we do. What’s proven to be especially useful is web-based software or software-as-a-service (SaaS). It would be almost impossible to find someone in business who isn’t using at least some SaaS tools. From email (Gmail) to communication (Skype) to file sharing (Dropbox), SaaS tools have become a staple of office productivity.
One particular category of SaaS tools is collaboration. This is software that enables teams—especially remote teams like we have today—to work together on and communicate about projects. Two of the more popular SaaS collaboration tools are GitHub and Slack.
GitHub is a repository and version control tool which helps software teams develop software together. Slack is a communications portal built around “channels,” which are groups of people with something in common.
Hackers are now targeting SaaS products in general and these two SaaS tools in particular with phishing attacks. It’s somewhat surprising, since these tools are used by some of the most sophisticated technology people around and those most likely to sniff out a phishing attack.
In the case of GitHub, “GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub’s login page. The phishing emails use various lures to trick targets into clicking the malicious link embedded in the messages: some say that unauthorized activity was detected, while others mention repository or settings changes to the targeted user’s account.”
In the case of Slack, “Incoming webhooks allow you to post messages from your applications to Slack. By specifying a unique URL, your message body, and a destination channel, you can send a message to any webhook that you know the URL for in any workspace, regardless of membership. Generally, Slack webhooks are considered a low risk integration. A deeper dive into webhooks shows that this is not entirely accurate.”
So, hackers are using the webhook URLs to phish unsuspecting users. “The process itself is fairly simple:
- Discover leaked webhooks
- Create a Slack app and allow public installation of the app
- Send malicious messages to discovered hooks
- Track workspaces that install the malicious app
- Use the app to exfiltrate data from workspaces that install it”
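A defensive check against the first step in that list, as an added example that is not part of the original article: scan your own repositories and config files for Slack incoming-webhook URLs so they can be revoked before anyone else finds them. The pattern follows Slack's documented webhook URL shape; the function names and sample files are constructed for illustration.

```python
import re

# Documented shape of a Slack incoming-webhook URL:
#   https://hooks.slack.com/services/T<workspace>/B<integration>/<secret>
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)"
)
PREFIX = "https://hooks.slack.com/services/"

def redact(match):
    """Keep the IDs needed to locate the hook in Slack, mask the secret part."""
    team, hook, secret = match.groups()
    return f"{PREFIX}{team}/{hook}/{'*' * len(secret)}"

def find_leaked_webhooks(files):
    """files maps path -> text. Returns sorted (redacted_url, locations) pairs,
    one per distinct webhook, where locations is a list of (path, line_no)."""
    findings = {}
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in WEBHOOK_RE.finditer(line):
                entry = findings.setdefault(
                    m.group(0), {"redacted": redact(m), "locations": []}
                )
                entry["locations"].append((path, lineno))
    # Only redacted values leave this function, so the report
    # does not become a second copy of the leaked secret.
    return sorted((f["redacted"], f["locations"]) for f in findings.values())

# Constructed sample input: placeholder IDs and secrets, not real webhooks.
FAKE_A = PREFIX + "T00000000/B00000000/" + "X" * 24
FAKE_B = PREFIX + "T11111111/B22222222/" + "abcDEF123456" * 2
SAMPLE_FILES = {
    "deploy/notify.sh": f"curl -X POST -d @msg.json {FAKE_A}\n",
    "README.md": f"Setup\n\nAlerts go to {FAKE_A}\n"
                 "Docs: https://hooks.slack.com/ (no secret in this line)\n",
    "ci/config.yml": f"slack_url: {FAKE_B}\n",
}

if __name__ == "__main__":
    for redacted, locations in find_leaked_webhooks(SAMPLE_FILES):
        print(redacted)
        for path, lineno in locations:
            print(f"  {path}:{lineno}")
```

Treat any hit as compromised: revoke the webhook in Slack and keep its replacement in a secret store rather than in source.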
It just goes to show that hackers are not afraid to go after the most tech-savvy users out there with their phishing attacks. And if the tech-savvy are vulnerable, what chance do normal folks have? That’s why the best approach, regardless of technical prowess, is to utilize another SaaS product to protect employees from phishing attacks: Phish Protection.
In the case of Phish Protection, being web-based is actually an advantage. Since emails are first routed to the service, scanned and then forwarded if safe, emails with malicious links never actually make it into the inbox. And if a phishing email can’t make it into the inbox, there’s no way it can be used to phish you.
Try Phish Protection free for 60 days. It works with all software providers, sets up in 10 minutes and only costs pennies per employee per month. It’s perfect for cost-conscious small businesses.