Identified Scam:

Slack Verification Email Looks Legitimate, But It Isn’t

Scammers are targeting workplaces by impersonating Slack and sending persuasive emails to trick you into giving up your login credentials.


Verified.org
Updated 5 January 2023
Key Finding

Scammers are sending emails impersonating Slack to steal your login credentials.


Key Risk

Scammers can gain access to your Slack account, Google account, and more.

Scammers are targeting workplaces by using fake Slack emails. These phishing emails attempt to steal your Slack password (which could be your Gmail password), which they may use to pull off additional scams within your workplace. 

Unlike many other scams, this one is relatively sophisticated and shows very few tell-tale signs. There are still ways to spot it, though.

Slack Email Verification Scam

Hi [Name],

As part of Slack's commitment to the safety of our users, we occasionally require that you re-verify your email address to make sure that our emails are properly received.

Help us secure your Slack account by verifying your email address: [email protected]

Confirm your email address

Please note that if no action is taken in the next 24 hours, your account will be suspended.

The Slack team

How the Scam Works

This is quite a straightforward phishing scam—you receive an email, you click a link, you enter your password, and the scam is complete. 

The Email

The email itself is where the scammers have done quite a good job—it could pass as a legitimate Slack email. They use the real Slack logo (and it’s not blurry or skewed), there aren’t any typos or grammatical errors, it’s personalized, and the design looks like Slack’s.

At first glance, it’s a pretty convincing email with no glaring red flags. 

However, upon closer inspection, here are the reasons we flagged this email as a scam:

  • The sender’s email address: The email is sent from "[email protected]"—this is not a Slack-owned email address (as confirmed by Slack). 
  • The button link does not take you to the Slack website. 
  • Suspending your account within 24 hours if you don’t verify your email address seems drastic. 

Signs of a fake Slack email

We contacted Slack to confirm that this email was indeed a scam, and they confirmed that [email protected] is not an email address they have or use.

Confirmation from Slack that the email is a scam
Slack confirms that this email was not sent by them.


You Click the Link

Many likely click the link to verify their email address as soon as they receive it, fearing their work Slack account will be suspended if they don’t. 

Once you click the link, you’ll land on a web page that, like the email, looks very legitimate. It looks just as one would expect a Slack login page to look, using the same layout and similar fonts and colors. On closer inspection, however, there are some noticeable differences between the fake sign-in page and the real one. 

Real vs. fake Slack sign-on page.

Major differences include:

  • The Slack logo is enlarged on the fake sign-in page. 
  • The fonts used are different. 
  • The buttons on the fake sign-in page are bold. 

If you click either the “Sign in with Google” or the “Sign in with Apple” button, you’ll also land on a fake login page. 

Let’s take a look at the “Sign in with Google” page.

Real vs. fake Google Slack sign-in page.

Firstly, when you click this button, you’re not taken to a new page with a new URL. A genuine “Sign in with Google” flow takes you to a new page on a Google URL. 

Secondly, once you’re on the fake Google login page, you’ll notice the following:

  • The dropdown menu to choose a different account to sign in with doesn’t work. 
  • None of the links work. 

The “Forgot password?” link looks like it works, but it doesn’t. If you click on it, nothing happens. If you hover over the “Help,” “Privacy,” and “Terms” links, you’ll notice that they aren’t links at all. 

The actual Google login page will:

  • Be on a Google.com page
  • Include working links to other pages (e.g., Help, Privacy, Terms)
  • Include a disclaimer

Real Google sign-on page.
The real "Sign in with Google" page.

You Enter Your Password

The real damage is done once you enter your password on the fake sign-in page, whether it be on the fake Slack page, fake Google sign-in page, or fake Apple sign-in page. 

Once you submit your password, the scammers have the login information they need to access your Slack account. It is even more concerning if you signed in with your Google or Apple credentials. 

If you have a separate login for your Slack account, the scammers will only be able to access Slack, but if they have your Google or Apple credentials, they may be able to access so much more. 

Protect Your Accounts with 2FA

To protect yourself from phishing scams like this, enable two-factor authentication (2FA) on your accounts, including your Slack and Google accounts. That way, even with your password, scammers won't be able to gain access unless they also have your 2FA code. 

Why This Fake Slack Email Is Dangerous

This email is dangerous for two main reasons:

  1. It’s very convincing, with no obvious red flags for the average user. 
  2. It could expose your company to hackers. 

Since the scammers have done a reasonably decent job of making the email look legitimate, recipients are more likely to click the link without thinking twice and fall for the phishing scam. 

Scammers count on the regular user to:

  • Not know that Slack does not own the “From” address
  • Click the link for fear of having their account suspended

Once the scammers have your login credentials, there’s no end to what they may do with them. They could log into your Slack account and pretend to be you to your colleagues and pull off other scams. They could gain access to confidential information, exposing your company and colleagues to more significant threats. There’s no telling what scammers may come up with. 

What to Do After Receiving the Fake Slack Email

If you receive this email or a similar phishing email:

  • Do not click any links (if you do, don’t enter your information on any page)
  • Report the email to your company’s IT department (or relevant team)
  • Share this information with your colleagues so they know not to click the link
  • Report the email to Slack

If you fall for the scam and enter your password on a fake sign-in page, you should:

  • Log into your account and change your password immediately
  • Report the incident to your IT department, security administrator, or relevant team
  • Report the incident to the appropriate authorities

Frequently Asked Questions

How can I tell if an email from Slack is legitimate or not?

Look for signs of a scam, including:

  • The sender's address not coming from a legitimate Slack account (e.g., [email protected])
  • The use of threats, such as threatening to suspend your account
  • Links to non-Slack pages (i.e., links whose domain is not slack.com; note that "slack.com" merely appearing somewhere in a URL is not enough, since it can be part of a look-alike domain)
  • Spelling and grammatical errors

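The signs listed above (and in the "reasons we flagged this email" list earlier) can be turned into an automated triage check. The following is an added example written for this article, not code from Verified.org or Slack; the sender address and link host in the sample message are constructed placeholders standing in for the obfuscated values in the quoted email, and the check compares hostnames exactly rather than searching for "slack.com" as a substring.

```python
# Added example (not from the article): heuristic triage of a Slack-branded
# email using the three signs the article lists: sender domain, link hosts
# and urgency wording. Hostnames are compared exactly, not by substring.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "slack.com"
URGENCY_PHRASES = ("will be suspended", "24 hours")

def host_is_trusted(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True for the trusted domain or a subdomain of it; a substring test
    would wrongly accept look-alikes such as 'slack.com.example'."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_email(raw: str) -> list[str]:
    """Return the reasons a message looks suspicious (empty list if none)."""
    msg = message_from_string(raw)
    reasons = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not host_is_trusted(sender_domain):
        reasons.append(f"sender domain {sender_domain!r} is not {TRUSTED_DOMAIN}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for url in re.findall(r'https?://[^\s"\'<>]+', body):
        host = urlparse(url).hostname or ""
        if not host_is_trusted(host):
            reasons.append(f"link host {host!r} is not {TRUSTED_DOMAIN}")
    if any(p in body.lower() for p in URGENCY_PHRASES):
        reasons.append("urgency wording: threatens suspension within 24 hours")
    return reasons

# Constructed sample modelled on the email quoted in the article; sender
# address and link host are placeholders, not the real scam values.
SAMPLE_EMAIL = """\
From: Slack <no-reply@slack-verify.example>
Subject: Confirm your email address
Content-Type: text/html; charset=utf-8

<p>Hi Alex,</p>
<p>Help us secure your Slack account by verifying your email address.</p>
<a href="https://slack.com.verify-login.example/confirm">Confirm your email address</a>
<p>Please note that if no action is taken in the next 24 hours, your account will be suspended</p>
"""

if __name__ == "__main__":
    for reason in check_email(SAMPLE_EMAIL):
        print("FLAG:", reason)
```

Running it against the constructed sample flags all three signs; a message from a slack.com sender whose links point at slack.com and that makes no suspension threat produces an empty list.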
What do I do if I'm not sure whether a Slack email is a scam or not?

When in doubt, contact Slack. Provide information, including the sender's email and the contents of the email. A representative can let you know whether or not the email came from Slack.
