How crypto communities can stay more safe from phishing attacks on Slack — Beta release #2

What’s new in this release.

This is a **major** release.

  1. DM Protection ✅
  2. Private Channel Protection ✅
  3. Slackbot Protection ✅
  4. Slack API Protection ✅
NOTE: MetaCert can not read, transmit or store any message content from any communication. The security app can only analyze URLs. User privacy is just as important as phishing protection.

Direct Message (DM) Protection

MetaCert now monitors every DM conversation across your entire Slack. There are two separate technical solutions built-in:

🔒 One-to-one DMs. 
🔒 Multiple people in a DM conversation — i.e. three or more people.

DM alerts are sent via the MetaCert app.

As soon as a phishing link is detected, each recipient will receive an alert via the MetaCert app. They will not see an alert in the DM conversation itself — that’s not possible due to a Slack API limitation. The sender will not receive an alert either — so they won’t know that they’ve been caught out.

Also, the MetaCert Champion (the person who installed MetaCert) will also receive an alert — even when they are not involved in the DM. Again, they can not read any DM message and they won’t know who is involved in the conversation.

Private Channel Protection

MetaCert now monitors every conversation across Private Channels.

  • Messages that contain a malicious link are removed from the channel. Removing messages reduces the risk of someone opening a phishing.
  • Alerts are sent to the channel in real time, to inform everyone that a message has been removed due to the imminent phishing attack.
  • The Champion also receives an alert to inform them of the message removal. It will detail the name of the channel, the bad actor responsible for the attack and a timestamp. This helps with the deactivation of impersonators more quickly.

Slackbot Protection

This is the most widely used attack vector and the main request coming from our partners. It’s also the #1 issue that’s stopping some companies from installing MetaCert.

By the time their kettle boils, the cybercriminal has setup and sent a phishing attack to thousands of community members. It’s a simple but very effective attack that results in people seeing their wallets get emptied every day.

It’s technically impossible to combat the attack without a security app like MetaCert. It’s even impossible for the Slack account owner to block or remove the Slackbot — so it’s impossible to prevent attacks via the Reminder command.

An impersonator uses the Slackbot reminder command to send a phishing message to everyone.

MetaCert now monitors every message sent via the Slackbot, including “Reminders”. The screen shot shows Omise — I just want to point out that their community is protected by MetaCert — so I’m not singling them out as insecure — they are as secure as is possible.

DM alerts are sent via the MetaCert app.

Please note that the alert won’t appear in the same thread as the Reminder. It will appear via the MetaCert app as demonstrated in the above screen shot.

Slack Test API Protection

Attackers are using the Slack API to send phishing scams.

MetaCert now monitors every link sent via the Slack API. Phishing attacks sent to Public Channels and Private Channels are immediately removed with an alert sent to the channel to notify everyone of the removal.

Phishing scams sent via DM are not removed in this instance. They are sent via the MetaCert app. In all instances, the MetaCert Champion is always made aware of phishing attacks.

What else?

While I talk about Phishing because that’s the number one issue within the Crypto world today, MetaCert also monitors and sends alerts for Pornography and Fake News links. These can be disabled at any time from the control panel.

Some of the main known issues that need to be resolved before we submit for Slack’s approval

  1. Alerts not being sent to the Champion when a link is labeled as XXX or Fake News
  2. Daily digest sent to Champion doesn’t include insight to the new alerts.
  3. Alert message format is inconsistent. We are going to redesign all alerts.
  4. Champion doesn’t get an alert when a malicious link is sent via the Slack API to a Public Channel. This does not mean it’s less secure — everyone else sees an alert and the message is removed.
  5. As designed, the Slackbot Reminder sends a message to say a reminder has been setup, followed by the actual reminder. This means MetaCert finds the link twice and so, sends two alerts. We will reword the first one to let you know that an attack is about to take place — before it happens.
  6. It’s not possible to disable DM monitoring via settings on your control panel. You shouldn’t be forced into having DM and Private Channel monitoring.
  7. Dashboard does not record alerts.
  8. The archive for Files on the dashboard freezes.
  9. Links on the dashboard are not being recorded.
  10. Dispute page is broken. Until that’s fixed you can report false positives to me inside your community. If I’m not a member of your community and you have MetaCert installed, please invite me :)

If you are a MetaCert partner and would like access to the beta release, please get in touch via email paul at metacert.com

NOTE: MetaCert can not read, transmit or store any message content from any communication. The security app can only analyze URLs. User privacy is just as important as phishing protection.

Roadmap

The following is on our immediate roadmap as soon as we complete this release.

  1. Multi-user login. This will allow any Admin to log into the analytics dashboard. It will also allow all admins to receive alerts — instead of just the Champion.
  2. Monitoring and alerts for wallet addresses.
  3. The automatic banning of impersonators who send phishing links via the Slack API or Slackbot.
  4. The automatic banning of impersonators who send phishing links to channels while whitelisting admins. We need to look at this some more to make sure we reduce the risk of false positives. Please let us know your thoughts on this if you have an opinion.
  5. Chose between blacklist or whitelist.
  6. Add URLs and wallet addresses to your own blacklist.
  7. Anything that partners tell us are important. Feel free to tell us what you think.

Stay safe and if you’re a MetaCert Partner, I’d like to thank you on behalf of all the people who would have lost money without your amazing support. 🙌

MetaCert has a Slack community with Crypto people who like to share knowledge about security and privacy. Please let me know if you’d like an invite.

If you’re involved in Crypto feel free to connect with me on Linkedin.com/in/paulwalsh

Here’s the live app for MetaCert. This is in use by many communities and companies such as IBM, SAP, Sage, NTT Security, F5 and many more.

Show your support

Clapping shows how much you appreciated Paul Walsh’s story.