Slack adds verification feature to combat phishing scams

Bobby Hellard

12 Aug, 2020

Slack has announced a slew of new security features, certificates and integrations, including a verification system that adds an additional layer to protect against phishing scams.

The announcement follows on from Slack Connect, launched in June, which allows organisations to create shared channels with other companies. This is the company’s big play in its attempt to move people away from email, where phishing and ransomware scams have increased.

For Slack Connect, the company is adding a verification system that shows the legitimacy of a contact – similar to Twitter’s blue ticks, or the padlock symbol on Google Chrome.  

“It’s always a challenge for us to give customers everything they need to feel comfortable sharing their data with Slack,” the firm’s CISO Larkin Ryder told CloudPro.

“But right now people are especially concerned. Moving from the office environment to remote work means that there is a whole new set of risks that every CISO is thinking about.”

During the pandemic, there were a number of reports suggesting that coronavirus-related phishing scams were on the rise – the UN reported a 350% increase in the first quarter of 2020. Slack has taken preventative steps to combat this on its Connect service, where would-be scammers could potentially pose as clients and infiltrate Slack channels.

The company is also adding a feature called ‘Information Barriers’, which can block communications between specific users within the same organisation to avoid conflicts of interest.

There is also a new enterprise key management (EKM) for the Workflow builder, which provides full encryption to all data added to the service, including form data and search queries. The EKM will also be available for Slack Connect.

Finally, Slack has also achieved FedRAMP moderate authorisation, which is a US government standard for cloud service providers.