Teamwork platforms troubled by phishing attacks

Conventional cyberattacks using fraudulent emails to trick users into revealing sensitive information are regaining their popularity. In addition to emails and instant messaging, fraudsters have been increasingly using text messages, social networks, and now team collaboration applications such as Microsoft Teams, Slack, Discord, and even the professional social network LinkedIn.

The principle of phishing remains the same. The received message – often of a business nature – is intended to persuade an unaware person that they should perform a specific action which gives the attacker access to sensitive data. This most often includes passwords, debit and credit card numbers, and personal ID numbers. What has changed is how these attacks are carried out. In addition to traditional emails and instant messaging systems, attackers now use Microsoft’s document creation and sharing apps that are part of the omnipresent Office and Office 365 suite; however, times are changing and the pandemic has given rise to a new method.

A specific attack vector


Recently, phishing attacks have often been carried out using team collaboration systems, such as Microsoft Teams, Slack, and Discord. Due to the pandemic, many employees work from home. To connect with their organization, they often use special communication platforms. “In order to place malicious links or documents there, attackers must first gain access to these applications. This can be done in many ways, but it usually starts with a compromised email. Through phishing, the attacker obtains login credentials or access to the corporate network,” says Martin Lohnert, a cybersecurity specialist at Soitron. Once that happens, the door is open for further action.

The attacker may intercept communication and slip through any security safeguards. They become a “fully fledged” member of an organization and then start their malicious activities. “Of course, there is protection available for Microsoft Teams, which scans malicious links and protects users against phishing. The problem is that organizations often forget to implement it,” says Lohnert. When the attacker sends a link in a chat or during video communication on a platform like Microsoft Teams, the platform does not check whether the link is safe or a security risk. Attackers also rely on the fact that end users trust the platform and tend to share sensitive or confidential data more readily when they are using it.

“Users have learned to be cautious of fraudulent emails and text messages, but attacks through these communication channels are something completely new and unexpected for ordinary users connected to their company’s infrastructure,” adds Lohnert.

Systems work the way they were designed


As an example, Avanan security analysts discovered that doctors in hospitals share medical information about patients on MS Teams with little restraint. Medical staff are aware of the security policies and risks of sharing information via email, but when it comes to Microsoft Teams they ignore these things and simply believe that they can securely send anything when they are on the platform. This collaboration platform works well for the purpose it was designed for. It allows any other person – from another department or another company – to be invited to collaborate, but there is often nobody to control who should and who shouldn’t have access. And this is not specific to Microsoft Teams. Other platforms (e.g. Slack and Discord) work in a similar way.

As a professional social network, LinkedIn is also becoming a target of phishing attacks. This is because it uses automatic URL shortening. If a link with more than twenty-six characters is shared on LinkedIn, it will be automatically shortened in line with LinkedIn’s policies, and it may look like this: “https://lnkd.in/d_EcVD-i”. A post published on the network can link anywhere, and after following several redirects an unsuspecting user may quickly end up at a phishing site.
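One way a defender can see where a shortened link really lands before anyone clicks it is to walk the redirect chain hop by hop. The sketch below is an added example, not code from the article or from any vendor it mentions; the `fetch` callable, the allow-list, and every URL in the sample table are constructed assumptions so that it runs offline.

```python
from urllib.parse import urljoin, urlsplit

SHORTENER_HOSTS = {"lnkd.in"}          # shortener named in the article
REDIRECT_CODES = {301, 302, 303, 307, 308}

def trace_redirects(url, fetch, max_hops=10):
    """Follow Location headers one hop at a time; fetch(url) returns
    (status, location_or_None) and is a hypothetical callable that a real
    deployment would back with a request that has auto-redirects disabled."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if nxt in chain:                     # redirect loop, stop here
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "too_many_hops"

def assess_link(url, fetch, trusted_hosts):
    """Report where a link really lands and why it deserves a second look."""
    chain, state = trace_redirects(url, fetch)
    hosts = [urlsplit(u).hostname for u in chain]
    findings = []
    if hosts[0] in SHORTENER_HOSTS:
        findings.append("shortener hides destination")
    if len(chain) > 2:
        findings.append("multiple redirects")
    if any(urlsplit(u).scheme != "https" for u in chain):
        findings.append("non-HTTPS hop")
    if state != "resolved":
        findings.append(state)
    elif hosts[-1] not in trusted_hosts:
        findings.append("final host not on allow-list")
    return {"final_url": chain[-1], "hops": len(chain) - 1, "findings": findings}

# Constructed redirect table standing in for the network (not real data).
SAMPLE = {
    "https://lnkd.in/EXAMPLE": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "http://cdn.example/go"),
    "http://cdn.example/go": (302, "/login"),
    "http://cdn.example/login": (200, None),
    "https://a.example/": (302, "https://b.example/"),
    "https://b.example/": (302, "https://a.example/"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (200, None))
```

Calling `assess_link("https://lnkd.in/EXAMPLE", sample_fetch, {"intranet.example"})` reports three hops ending on a host outside the allow-list, which is the information the shortened form hides from the reader.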

“Most organizations use multiple communication tools. Naturally, employees are overwhelmed by how to communicate with different (or sometimes the same) people on various platforms. This then leads to less caution, and that’s bad. The solution is not to click on everything we see and also not to believe that all systems are perfectly secured,” says Lohnert.
