Protected by MetaCert

Slack communities now have anti-phishing protection inside DMs and Slackbot Reminders

MetaCert’s latest Slack app update went live today. When “Protected by MetaCert”, Slack is now the most secure messaging platform in the world — designed with love for cryptocurrency communities.

This post is broken into three parts:

  1. What the community admin must do
  2. What users need to do
  3. Show me the magic

What the community admin must do

  • If you already have an old live or beta release installed, I recommend removing it. Then go to slacksecurity.metacert.com where you can install the latest release.
  • The next step is to “approve” the app so users can then authorize it to protect their DMs. Only the Admin/Owner can do this.

When inside your Slack, select MetaCert under “Apps” - on the left sidebar.

Select the “Conversation Settings” ⚙️ on the top of the page and then select “Settings” on the menu as I’ve shown in the screen shot.

The last step is to select “Approve for Team”. See screen shot below. Only the Admin/Owner can do this, so if you don’t see this option, it means you don’t have access to this permission. Please speak to your Slack Admin/Owner.

What users need to do next

Users don’t need to install anything. But they must authorize MetaCert to monitor and protect their DMs. Users who do not authorize MetaCert will continue to get spammed with phishing attacks inside their DMs directly, and via the Slackbot Reminder system.

Here’s the URL for users to authorize the app to protect them: https://slacksecurity.metacert.com/auth/users

Users can not authorize MetaCert unless the community or team has already installed the app.

🔇 I highly recommend communities create a #security channel — set it up as a default channel and make sure everyone is invited automatically.

Show me the magic

We’ve made so many updates it’s now an entirely different security app — designed with communities in mind. While the app will continue to protect companies like IBM, NTT Security, SAP, Sage, AppDirect and VSP, we are laser focused on building better security tools to serve the Cryptocurrency world — and not just on Slack. We are also building browser add-ons. Email us if you want a beta invite for those beta@metacert.com

In summary, MetaCert now monitors every link shared across every message inside Slack. Messages that contain phishing links shared across Public Channels, Private Channels, Direct Messages and Slackbot Reminders are automatically deleted. They’re deleted so fast most users won’t even know they were sent a message in the first place. 💣

  1. Public Channel messages that contain phishing links are automatically deleted. Supported by default.
  2. Private Channel messages that contain phishing links are automatically deleted. Supported by default.
  3. DMs that contain phishing links are automatically deleted. Users must authorize MetaCert. See above.
  4. Slackbot Reminders that contain phishing links are automatically deleted. Users must authorize MetaCert. See above.

The vast majority of phishing scams on Slack are either sent via DM, or through the Slackbot Reminder.

How to add EXTRA protection for DMs

Some platforms allow community administrators to disable DMs. For this reason, some crypto communities left Slack in favor of those platforms.

Some phishing scams contain a legitimate URL, but request users to send money to phishing wallet addresses. While we can add the ability to blacklist phishing addresses, it would be virtually impossible to protect users to the point where I can sleep soundly at night. So we came up with an amazing feature.

MetaCert now makes it easy for communities to lock down DMs. As the MetaCert Champion (that’s the person who installed the app) you can create a “secret”. A secret is a word or phrase that only you and your team know.

After saving your secret, every DM sent across your entire Slack will be instantly deleted unless it contains the secret. That is, you must type the secret into every DM for it to be delivered. In the video below I say that the secret needs to be at the start of each message — but the fact is, it can be anywhere in the message.

How to disable Slack DMs

This feature is not enabled by default. Most community members want to be able to send DMs. And most teams want to DM members. But, some communities moved from Slack to other platforms just so they could disable DMs — so we thought it would be a good idea to allow our customers do the same without having to move to another platform. You must log into the MetaCert dashboard and go to Direct Messages to create a secret.

You can create a unique secret for select community members if you like.

Please tap or click “👏” on the left side of the screen to let Paul and others know that you appreciated this post. The number of claps indicates how much you liked the post and support its content, so put those hands together as many times as you like. 🔒

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.