Hackers have transformed our communication tools — and, in some cases, websites — into vehicles for delivering threats. Emails, texts, phone calls, and even U.S. mail can be weaponized with malware or phishing attempts.
We now need to include services like Teams, Slack, and other messaging platforms on our list of communication tools that hackers might exploit.
If you receive a calendar invite for an unexpected Teams call from someone claiming to be in IT, Legal, or HR, consider it a red flag that warrants scrutiny. Use the same review process you would apply to an email or text. Just as you wouldn’t click on a link in a text that says you need to pay a toll, don’t click a link from “HR” unless you are certain it’s legitimate. Trust, but verify.
Hackers hope you will act too quickly and click without thinking, or they may be after your credentials instead of deploying malware. If you’re already logged into your systems and see a pop-up asking you to log in again, take a moment to pause before giving away your access.
For instance, last year at Disney, there was an incident involving Slack[1] where a staff member’s laptop was compromised through the communications app, resulting in the harvesting of all data accessible via that app.
Currently, over 42 million users are on Slack, while Microsoft Teams has more than 320 million users. Most organizations utilize one of these platforms, making hyper-vigilance essential for such widely used tools. Both platforms have built-in security features, but it’s up to you not to accidentally bypass that security by clicking on something you shouldn’t.
If that doesn’t raise your blood pressure, consider typo-squatting. Hackers register domains similar to legitimate ones to divert traffic to their fake sites, aiming to steal your credentials, credit card numbers, or other sensitive information. These fraudulent websites may also post phony job listings that request fees for uniforms or computer equipment. This type of recruitment scam is becoming increasingly common. Additionally, an email attack could be launched using the fake domain to deceive individuals into thinking they are legitimate.
According to Fox4, Florida ranks fourth in the nation for job scams[2], with California and Texas also high on the list. Just as hackers in communication scams hope you will act too quickly, they also target desperate job seekers who might overlook red flags, such as paying for business cards, computers, or apparel.
Fake job postings may also request financial information during interviews. Florida International University has published a comprehensive list of red flags you can review: Hiring Scam Alert – Career and Talent Development[3].
If something seems suspicious, it probably is. Don’t hesitate to call the organization’s headquarters to verify the authenticity of the job posting.
It is everyone’s responsibility to help combat cybercrime. The first step is understanding how your communication tools can be hijacked and how hackers use job postings to steal information. Make sure to share this knowledge with young job seekers, the unemployed, and anyone using platforms like Teams and Slack.
Together, we might prevent the next cyber incident.
Post Views: 0
References
- ^ an incident involving Slack (www.fileopen.com)
- ^ Florida ranks fourth in the nation for job scams (www.fox4now.com)
- ^ Hiring Scam Alert – Career and Talent Development (career.fiu.edu)