Email has security controls like Sender Policy Framework (SPF), which
can prevent direct spoofing of domains, and email security gateways,
which can flag suspicious domains. Those security controls don’t exist
for IM, so we have new options for spoofing.
Chameleon attack
A particularly interesting external attack capability is that an
attacker can act as a chameleon and change their identity over time.
This could be particularly dangerous in CEO fraud attacks. An attacker
could forge connections with finance employees ahead of time for
seemingly legitimate and innocuous reasons and then later use those
connections to send Slack messages spoofing the CEO.
Link preview spoofing
HTML allows a variety of ways to specify hyperlinks. Secure email gateways will often alert on or block commonly abused types, such as link display text that shows a different URL from the one the underlying link points to. On IM applications, however, this same standard of link analysis is not always present, and the widespread introduction of link unfurling/previewing has also given additional options for spoofing links to hide their true source and increase social engineering success.
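The display-text-versus-target check that the paragraph above attributes to secure email gateways, applied to both HTML anchors and Slack-style `<url|label>` message links, as an added example (not code from the original post). The function names and sample messages are constructed for illustration, and it assumes message text is available in the `<url|label>` form that Slack's API uses for links.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Slack message link form: <https://target|label shown to the reader>
SLACK_LINK = re.compile(r"<(https?://[^|>\s]+)\|([^>]+)>")
# Visible text counts as URL-like if it starts with a dotted host name.
URLISH = re.compile(r"\s*(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#\s]|$)", re.I)
# Constructed sample inputs (not from the original post).
SAMPLE_HTML = ('<a href="https://login.example.net/sso">https://portal.example.com/sso</a> '
               '<a href="https://example.com/docs">the docs</a>')
SAMPLE_SLACK = ("Re-auth at <https://login.example.net/sso|portal.example.com/sso> "
                "before <https://example.com/q3|the Q3 review>")

def _norm(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_mismatch(label, target):
    """True when the label names one host and the link goes to another."""
    m = URLISH.match(label)
    return bool(m) and _norm(m.group(1)) != _norm(urlsplit(target).hostname)

class _Anchors(HTMLParser):
    """Collects (visible text, href) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def spoofed_links_html(html):
    parser = _Anchors()
    parser.feed(html)
    return [(text, href) for text, href in parser.links if is_mismatch(text, href)]

def spoofed_links_slack(text):
    return [(label, url) for url, label in SLACK_LINK.findall(text) if is_mismatch(label, url)]
```

A file-name label such as `report.pdf` also matches the URL-like pattern, so hits are triage input rather than a verdict. The check covers link labels only and does not inspect unfurled previews.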