Slack & Microsoft Teams Phishing: Collaboration-Tool Attack Patterns
Email phishing has a defense layer most organizations have invested in for two decades: gateways, link rewriters, banner warnings on external mail, user training that conditions skepticism. Slack and Microsoft Teams have none of that. Phishing inside collaboration tools arrives in the same UI as legitimate coworker messages - same notification chrome, same trust posture - and the email-gateway layer that catches most external phishing simply does not see it.
Three trends compounded into a real threat in the last 18 months: free attacker tenants on both platforms, public app-store distribution for malicious bots and the rise of well-documented abuse patterns (Slack Connect cross-workspace invites, Teams external chat). The result is collaboration-tool phishing climbing fast in incident reports, often as the bridge between an initial credential leak and the deeper compromise that follows.
This post walks through the five Slack-and-Teams attack patterns IT teams need to defend against, the admin policies that reduce the surface and how phishing simulation programs should evolve to cover the in-product channels.
1. Microsoft Teams external chat phishing
Default M365 tenants allow external users - anyone with a free or paid Microsoft work account - to initiate one-on-one Teams chats with internal users. The attacker creates a tenant, sets a display name like "Stripe Support" or the name of a real coworker and starts a chat. The Teams notification looks identical to internal messages. Most users have never been trained to wonder if the person sending the chat is actually who they claim.
From there, the attacker sends a link (to an AiTM proxy, a fake Microsoft sign-in or a malicious Office document) or a file directly through Teams. The user clicks because the trust posture for in-product notifications is high.
Defense at the admin layer: in Teams admin center, restrict external access to a verified-domain allowlist (block all unknown external tenants from initiating chat). Defense at the user layer: simulation training that includes Teams-themed lures so users learn to question who's sending.
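One way to express the allowlist decision and the "who is actually sending" check in code, as an added example rather than anything from a Teams API: the record fields, domains and directory names are constructed, and the sample deliberately includes an allowlisted partner tenant whose sender reuses a coworker's display name, a case the allowlist alone does not catch.

```python
import unicodedata

# Constructed policy data for the example.
INTERNAL_DOMAIN = "corp.example"
ALLOWED_TENANTS = {"partner.example"}            # verified-domain allowlist
DIRECTORY = ["Dana Whitfield", "Luis Ortega"]    # internal display names
SERVICE_TERMS = ("support", "helpdesk", "security team")

def fold(name):
    """Normalize a display name so case, spacing and width variants compare equal."""
    text = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(text.split())

INTERNAL_NAMES = {fold(n) for n in DIRECTORY}

def triage_chat(event):
    """Return (verdict, reasons) for one chat-initiation record."""
    domain = event["sender"].rsplit("@", 1)[-1].casefold()
    if domain == INTERNAL_DOMAIN:
        return "internal", []
    reasons = []
    name = fold(event["display_name"])
    if name in INTERNAL_NAMES:
        reasons.append("external sender uses an internal user's display name")
    if any(term in name for term in SERVICE_TERMS):
        reasons.append("support-style display name")
    if domain not in ALLOWED_TENANTS:
        # What the allowlist policy does: unknown tenants cannot start a chat.
        return "block", ["tenant not on allowlist"] + reasons
    # Allowlisted partner tenant: the chat is delivered, so name checks still matter.
    return ("alert" if reasons else "allow"), reasons

# Constructed sample records (not the Teams audit-log schema).
SAMPLE_EVENTS = [
    {"sender": "dana@corp.example", "display_name": "Dana Whitfield"},
    {"sender": "billing@unknown-tenant.example", "display_name": "Stripe Support"},
    {"sender": "d.w@partner.example", "display_name": "DANA   whitfield"},
    {"sender": "sam@partner.example", "display_name": "Sam Lee"},
]

def triage_all(events):
    return [triage_chat(e) for e in events]

if __name__ == "__main__":
    for event, (verdict, why) in zip(SAMPLE_EVENTS, triage_all(SAMPLE_EVENTS)):
        print(f"{verdict:8} {event['sender']:32} {'; '.join(why)}")
```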
2. Slack Connect cross-workspace abuse
Slack Connect is the feature that lets organizations create shared channels with partners. Phishing attackers exploit it by spinning up a sock-puppet workspace named like a real partner ("Acme Vendor"), then sending a Connect invitation to a target user. Once accepted, the attacker has a foothold inside the user's normal Slack interface.
The defense pattern most organizations miss: by default, individual users can accept Connect invitations on their own. That's an enormous trust delegation. Locking down Connect approval to admins-only via Slack workspace settings closes the surface significantly - admins can vet the inviter before accepting.
3. File-share lures inside both platforms
Once an attacker is in a Teams chat or Slack channel - through external chat, Connect or a compromised account - they can share files: a malicious Word document with macros, a PDF with an embedded link or even a plain text message with a phishing URL. Users accept files from in-product senders much more readily than email attachments.
Defense: enable scanning of files shared in collaboration tools (Microsoft Defender for Office 365 covers Teams; Slack has equivalent integrations with EDR vendors). Train users that "I got it through Slack" is not a meaningful trust signal - the file came from somewhere external, just routed through chat.
4. Malicious bots and app installations
Both Slack and Teams have public app stores. An attacker publishes an app - often a copy of a legitimate productivity tool with a similar name and icon - that requests permissive scopes during install. Users browsing the app store install it because it looks like a real tool. Once installed, the app exfiltrates messages, injects phishing links or grants the attacker OAuth-style persistent access.
This pattern shares a lot of DNA with OAuth consent phishing on M365 and Google Workspace (covered in our M365 phishing and Workspace phishing pieces) - the user is granting a real permission to a malicious app, and standard MFA does nothing about it because no password is involved.
Defense: in both Slack and Teams, restrict app installation to admin-only or to a verified-publisher allowlist. Audit installed apps quarterly and revoke anything not on the allowlist. The cost of being permissive about which apps users can install is much higher than the friction of admin approval.
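A sketch of the quarterly app audit described above, as an added example that is not the vendor's or either platform's tooling: the inventory records, app IDs and app names are constructed, the scope strings are Slack OAuth scope names, and the 0.85 similarity threshold is an assumption to tune.

```python
from difflib import SequenceMatcher

# Constructed allowlist: app ID -> approved app name.
ALLOWLIST = {"A0APPROVED1": "Standup Helper", "A0APPROVED2": "Poll Maker"}
# Slack scopes that expose message or file content, or workspace administration.
RISKY_SCOPES = {"channels:history", "groups:history", "im:history",
                "mpim:history", "files:read", "admin"}

def _norm(name):
    """Keep only letters and digits, case-folded, so punctuation tricks do not hide a copy."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())

def lookalike_of(name, allowlist=ALLOWLIST, threshold=0.85):
    """Return the approved app name this name closely resembles, or None."""
    for approved in allowlist.values():
        if SequenceMatcher(None, _norm(name), _norm(approved)).ratio() >= threshold:
            return approved
    return None

def audit_apps(installed, allowlist=ALLOWLIST):
    """List every installed app that is not on the allowlist, with reasons and a priority."""
    findings = []
    for app in installed:
        if app["app_id"] in allowlist:
            continue  # approved by ID, not by name: a copied name never passes
        reasons = ["not on allowlist"]
        imitated = lookalike_of(app["name"], allowlist)
        if imitated:
            reasons.append(f"name imitates approved app '{imitated}'")
        risky = sorted(RISKY_SCOPES & set(app["scopes"]))
        if risky:
            reasons.append("risky scopes: " + ", ".join(risky))
        findings.append({"app_id": app["app_id"], "name": app["name"],
                         "reasons": reasons,
                         "priority": "high" if len(reasons) > 1 else "review"})
    return findings

# Constructed inventory (not a real export format).
INSTALLED = [
    {"app_id": "A0APPROVED1", "name": "Standup Helper",
     "scopes": ["chat:write", "channels:history"]},
    {"app_id": "A0UNKNOWN01", "name": "Standup Helpr",
     "scopes": ["channels:history", "im:history", "files:read"]},
    {"app_id": "A0UNKNOWN02", "name": "Lunch Roulette",
     "scopes": ["chat:write", "commands"]},
]

if __name__ == "__main__":
    for finding in audit_apps(INSTALLED):
        print(finding["priority"], finding["name"], "-", "; ".join(finding["reasons"]))
```

Matching the allowlist on app ID and using the name only for lookalike detection keeps a copied name and icon from passing as the approved tool.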
5. DM-style impersonation phishing
Once an attacker has compromised an internal account - through any of the patterns above, a credential leak or classic phishing - they use it to DM coworkers with phishing payloads. The DMs come from the real internal account, with the real Slack handle and avatar, in the channel users have been trained to trust completely.
The lures are usually mundane: "Hey can you review this doc real quick?" with a malicious link. "I'm in a meeting, can you handle this for me?" - classic urgency-based social engineering, but coming from a known internal user inside Slack or Teams.
Defense: this is the hardest one because the technical surface is minimal - the message IS internal. The defense layer is user training: any unusual request, even from a known internal user, deserves verification through a different channel before action. This pairs with the broader defense theme covered in business email compromise training, which has the same "trust the sender, doubt the request" structure.
Why standard email-gateway defenses do not help
Most security stacks rely on email gateways (Mimecast, Proofpoint, Microsoft Defender, Google Workspace Security Sandbox, etc.) for the volume defense against phishing. Slack and Teams traffic does not pass through those gateways. The chat platforms have their own filtering, but it's narrower - focused on known-bad URLs and obvious malware signatures, not the social-engineering patterns email gateways are tuned for.
The implication: an organization with an excellent email-gateway posture still has unfiltered exposure on Slack and Teams. Many security programs have spent two decades hardening email and zero days hardening collaboration tools. Closing that gap is the work of the next 24-36 months for most security teams.
Phishing simulation program design for collaboration tools
Two complementary approaches:
- Email-channel simulations that mimic Teams/Slack notification emails - "You have a new Teams message from John Doe" with a credential-harvesting link. The user receives the lure as email but the lure VISUAL is the collaboration-tool notification. Easier to deploy; trains the recognition pattern.
- In-product simulations - actually send simulated phishing messages through Slack or Teams via API integration. Higher deployment cost but trains the user to be skeptical of in-product notifications, not just emails about them.
For most organizations, starting with email-channel simulations covers the higher-volume attack pattern (notification-email lures) and ramping up to direct in-product simulation makes sense once the platform-API integrations are in place. Auto-assigned remediation training should fire on click regardless of which channel the lure was delivered through.
For cyber insurance and compliance buyers
Cyber insurance carriers in 2026 are starting to ask about collaboration-tool phishing specifically - because incident reports have made the gap visible. The cyber-insurer renewal walkthrough covers the broader question set; the collaboration-tool addition is a 2025-2026 evolution. Programs that include in-product simulation evidence have an easier renewal conversation than programs that don't.
Where Bait & Phish fits
Bait & Phish ships with notification-email templates that mimic Slack and Microsoft Teams in-product alerts across the easy / regular / hard difficulty tiers. Multi-channel coverage means the same campaign can run as email + SMS + voice if the threat scenario warrants it. Auto-assigned training fires the moment a user clicks. Start a free trial up to 25 users and run a Slack-themed or Teams-themed campaign in your environment, or contact us if you want to walk through how the simulation library covers collaboration-tool patterns.
This post is informational. Specific Teams admin-policy decisions, Slack Connect approval flow and app installation controls are organization-specific - consult your collaboration-platform admin or the relevant vendor's professional services for tailored guidance.
See also: Phishing Trends 2026 - annual roundup covering AiTM commoditization, AI-generated lure quality, collaboration-tool phishing, ransomware dwell-time compression and other patterns that defined the year.