Beyond email, other communication channels like Teams and Slack are vital to monitor and protect because threat actors are always looking for new avenues to attack end users. While your users are likely fairly wary of emails due to the continuous awareness training that we have done, it is likely that almost all of your users trust the communications that they see on collaboration platforms like Slack and Teams.
If a threat actor gains access to an internal account that has Teams or Slack access like we see in this example, they're able to send messages as that compromised user, and the recipients will have a much higher likelihood of acting on the request. Or as we see here, clicking on a malicious link.
Abnormal is able to detect these malicious activities and enable analysts to swiftly take action on the affected users.
