Slack integrations are safe, right?

You can integrate applications into Slack. It's great: you get alerts when documents change or when people join new groups in your cloud applications.


But what if there's a dark side to this, too... what's wrong with this Dropbox alert in Slack?





Using most services, anyone can try to share a file with anyone else. If you have enabled an integration with Slack or Teams and you get a file shared with you, it might seem "more" legit if you get the alert through your company's messaging platform.


The alert above looks relatively authentic if you're looking at your work Slack and get an "HR admin shared this file with you" type of announcement. But it's not authentic. It's designed to trick you.


This one got taken down fast, so if your coworker had clicked on it, it would have gone to a broken link. But if it weren't down, it would have tried to harvest your account credentials by pretending you weren't logged in and presenting a fake sign-in page.


You or your employees might easily be duped by such a tactic. Here are some suggestions (thanks, AI) for how you can reduce the likelihood of falling for such a scam.

tl;dr - if you use a password manager ALL the time, you won't accidentally type your credentials into an unauthorized site.

Here are some ways to mitigate the risk of falling for a phishing attack via a Dropbox-Slack integration:


1. Set Up Slack App Permissions Carefully

• Restrict who can install and manage the Dropbox integration in Slack.

• Limit which channels the Dropbox app can post in to reduce exposure.

• Disable automatic previews of shared Dropbox links if possible.


2. Enforce URL Scanning & Threat Detection

• Use a security tool like Cisco Umbrella, Proofpoint, or Cloudflare Gateway to scan URLs before users click on them.

• Slack Enterprise Grid allows integrations with third-party security tools that can scan messages for phishing links.


3. Verify Dropbox Links Before Clicking

• Always hover over the link before clicking to check if it leads to a dropbox.com domain (not a lookalike).

• Encourage users to open Dropbox manually and check for the shared file instead of clicking links in Slack.


4. Use Dropbox Team Settings for Link Control

• In Dropbox Business, admins can restrict sharing settings so only files from approved domains (your company’s Dropbox) can be shared.

• Disable public links and require files to be shared only with specific team members.


5. Train Employees on Phishing Awareness

• Conduct regular security training and phishing simulations.

• Teach users to recognize social engineering tactics, like urgent messages pressuring them to click links.


6. Implement Multi-Factor Authentication (MFA)

• If a scammer does trick someone, MFA on Dropbox and Slack reduces the risk of unauthorized access.

• Consider using a password manager to prevent credential reuse.


7. Set Up Slack Warning Bots

• Use a Slack bot (like Nightfall, Metomic, or a custom-built workflow) to detect and warn users when external Dropbox links are shared.
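Items 3 and 7 above come down to one check: does a link that looks like a Dropbox share actually resolve to a Dropbox host? The following is an added example, not code from the original post or from any of the named products, of the detection logic a custom Slack warning workflow could run over an incoming message. The allow-list of Dropbox hosts, the confusable-character map, and the sample message are assumptions constructed for this example.

```python
from __future__ import annotations
import re
from urllib.parse import urlsplit

# Assumption: hosts your organisation treats as genuine Dropbox share/download domains.
ALLOWED_DOMAINS = ("dropbox.com", "dropboxusercontent.com")

# Matches bare URLs and the URL part of Slack's <https://...|label> mrkdwn links.
URL_RE = re.compile(r"https?://[^\s<>|]+")

# Constructed normalisation map: common digit/punctuation confusables used in lookalike hosts.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s", "-": "", ".": ""})


def is_trusted_host(host: str) -> bool:
    """True only for an allowed domain or one of its subdomains (exact suffix match)."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def looks_like_dropbox(text: str) -> bool:
    """True if the text is trying to resemble 'dropbox' after confusable normalisation."""
    return "dropbox" in text.lower().translate(CONFUSABLES)


def classify_url(url: str) -> tuple[str, str]:
    """Return (effective host, verdict) where verdict is trusted, lookalike or external."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname drops userinfo, so user@host resolves to host
    if is_trusted_host(host):
        return host, "trusted"
    # Inspect the full netloc so "dropbox.com@evil.example" (userinfo trick) is still flagged.
    if looks_like_dropbox(parts.netloc):
        return host, "lookalike"
    return host, "external"


def check_message(text: str) -> list[tuple[str, str, str]]:
    """Extract every URL in a Slack message and classify it as (url, host, verdict)."""
    return [(url,) + classify_url(url) for url in URL_RE.findall(text)]


# Constructed sample message mixing one real share link with typical lookalike tricks.
SAMPLE_MESSAGE = (
    "HR admin shared a file with you: <https://www.dropbox.com/s/abc123/Policy.pdf|Policy.pdf>\n"
    "Please review: https://dropbox.com.account-verify.example/login\n"
    "Also https://dr0pbox.com/s/xyz and https://www.dropbox.com@evil.example/s/abc\n"
    "Unrelated: https://example.org/page"
)

if __name__ == "__main__":
    for url, host, verdict in check_message(SAMPLE_MESSAGE):
        print(f"{verdict:9} {host:40} {url}")
```

A warning bot would post a notice for every "lookalike" result and optionally for "external" ones, leaving "trusted" links alone.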
