Most of us can be contacted anytime, anywhere thanks to SMS and various chat applications. Chat apps like Microsoft Teams, Slack, Discord, and WhatsApp (to name a few) are often used for both professional and personal communication. While these tools offer amazing convenience and (possibly too much) connectivity, they also present a clever opportunity for phishing attacks. Understanding how these attacks manifest in chat apps and learning how to defend against them is another tool in your awareness kit.

What is Phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, message, or link that leads to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

Phishing techniques in Chat Applications

Phishers have tailored their attacks to chat applications with tactics that include:

- Impersonation: Attackers often pretend to be a co-worker or an IT support agent, asking for sensitive information or urging the victim to click on malicious links or read out MFA codes.

- Links and attachments: Just as with email, malicious links and files can be sent via these chat tools, often embedded in seemingly harmless messages.

- Urgency and fear: Phishing attempts may claim that immediate action is required to resolve a problem or prevent a negative outcome, exploiting the victim's instinct to act swiftly.

Why Chat Apps?

The informal and rapid nature of chats can lead to quick responses and less scrutiny. Furthermore, the blend of personal and professional communications on these platforms may lower users' guard or confuse the context in which the communication is received.

What to do if you receive a phishing message in a chat app:

  • Never click links or open attachments in suspicious chat messages. If you receive a suspicious message from an organisation and worry that it could be legitimate, open a new tab in your web browser and log in to your account, or contact the organisation via its official website.
  • If the suspicious message appears to come from a person you know, contact that person by another means, such as a text message or a phone call, to confirm it.
  • Report the message to your IT Support team. If you are on a home device, check if there is a reporting mechanism for that particular app.
  • Delete the message once you have reported it to the app admin (keep it for IT if you are in an organisation).

How to protect your organisation

1. Education and awareness: Regular security awareness training sessions for all users can help them recognise the signs of phishing attacks.

2. Verification processes: Encourage a culture of verification. If a message seems unusual, a quick phone call or face-to-face meeting can confirm its legitimacy.

3. Use of security tools: Employ anti-phishing tools that can detect and block fraudulent messages and malicious links.

4. Regular updates: Keep chat applications updated to benefit from the latest security patches.

5. Security policies: Develop clear policies that restrict sharing sensitive information over chat applications to avoid accidental exposure.

As phishing attacks become more sophisticated and tailored to specific platforms like Microsoft Teams, Slack, Discord, and WhatsApp, awareness and preparedness are your best defences. By staying informed about the potential risks and implementing robust security practices, individuals and organisations can protect themselves from these deceptive schemes that threaten our digital and professional landscapes.
