How to alert users about phishing attacks coming from Slackbot reminders

Over the past month, we’ve learned a lot about the unique security issues faced by the Crypto Community. As a result, we put a hold on the development of our other security products and decided to double-down on Slack.

Before I go into detail; MetaCert does not read, transmit or store any message content. Our software is designed to monitor links only. 🔐

Summary of new security features

  • Slackbot reminders — monitoring and protection ✅
  • Private Channel — monitoring and protection ✅
  • DM — monitoring and protection ✅

For Community Managers & Moderators

  • We hope to give Community Managers and Moderators peace of mind. By installing MetaCert, moderators can spend less time worrying about, and fighting again phishing attacks that take place every hour of every day — quite literally for many communities. Instead they can spend their time supporting the community with more positive-facing conversations about their strategy or technical implementation etc.
  • By alerting community mangers and moderators of a phishing attack in real time, they can quickly investigate and ban the user responsible before harm can be done. Alerts include the bad actor’s username and location of the attack (Public or Private Channel, or DM) — so users can be banned in seconds, instead of minutes or even hours.
  • Community Managers can now open up their Slack community without the need to verify individuals at sign-up. SingularDTV is just one example of a company that decided to automate their signup process thanks to the protection offered by MetaCert.
  • Token Launches and ICOs that protect their community members from phishing attacks are likely to see more investment in their token/ICO. People who don’t get phished will spend and circulate more currency than those who have lost their savings — obviously. They are also more likely to encourage family and friends to take the plunge instead of frightening them away before they get a chance to invest themselves. More money in circulation is better for every stakeholder within the ecosystem.

For community members (investors)

One of the great things about blockchains and the ecosystems being built around them, is that investment opportunities are decentralized. This means we have non-’sophisticated’ investors who aren’t a member of the 1% club, getting an equal opportunity to invest in the next big thing. The downside is that they are more likely to be put off completely the first time they get their fingers burnt with a phishing scam.

People who are protected from phishing attacks are more likely to feel save and secure investing their money in token launches and ICOs. So in that context, our aim is to help people feel safe when opening a link.

What’s new in this MetaCert release

Our Slack security app has been available on the Slack marketplace and installed by companies such as IBM, NTT Security, Sage, SAP and Blackhawk Network for a while now. It offers them great protection.

This new release (now in beta) offers superior protection — thanks to the ongoing feedback from the Crypto Community. We’re not able to build fast enough but we are trying our best.

Slackbot Reminders

Problem:
Impersonators use the Slackbot to send ‘reminders’ that contain phishing links. It’s technically impossible for Slack owners and administrators to disable the Slackbot. So there’s no way to stop phishing scams and worse, people falling for them.

Solution:
MetaCert now monitors every reminder sent by the Slackbot.

If a Slackbot reminder is sent with a phishing link, MetaCert will send each recipient an alert in less than half a second (190 milliseconds to be precise). It will also send an alert to the team champion so they can immediately investigate, and ban the bad actor before they can do harm.

Private Channels

Problem:
Only members of a private channel can see what’s being shared inside that channel — even the Team Owner has no visibility of what’s being said or what links are being shared. This makes it easy for an impersonator to target specific individuals with personal messages — then trick them into logging into the wrong site where they can empty their wallet.

Solution:
MetaCert monitors every link shared across all private channels. The second a phishing link has been detected, the recipient(s) will receive an alert from the security app to warn them about the malicious intent.

Direct Messages (DMs)

Problem:
Impersonators can either send a DM to anyone inside a community, or they can setup the Slackbot reminder to a send phishing scam.

Solution:
MetaCert monitors every link shared across every DM. The second a phishing link is detected, an alert is sent to each recipient.

IMPORTANT NOTICE

Please look at the screen shot below. Alerts for scams sent to Private Channels and DMs are not sent inside the actual conversation. This is a technical limitation on the Slack API. After describing this to a few ICO Moderators they felt it was a good thing, because it means the bad actor isn’t aware that they’ve been caught out — until they’ve been banned that is.

An alert is also sent to the Team Champion in real time along with the @username of the impersonator and the

ANOTHER IMPORTANT NOTICE

MetaCert does not ready, transmit or store any message content. It only has the ability to detect and analyze links. So your Private Channels and DMs are completely safe and completely private.

Analytics

We’ve updated the user monitoring and analytics dashboard too. You can enable and disable the monitoring of public channels, private channels and DMs at any time.

Please get in touch if you would like to sign up for the beta release. You can email me directly. paul@metacert[dot]com.

I believe we’re living up to our promise, even if a couple of weeks late.

☞ Please tap or click “👏” to let Paul and others know that you appreciated this post. Your clap will also bring this post to the attention of more community managers so they can also put a stop to the bad guys from doing harm.

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.