They work because they operate within approved communication parameters. If a message comes from an allowed domain or a compromised legitimate tenant, policy checks may succeed even when the content is malicious. That gap between authorised delivery and trustworthy delivery is what attackers exploit.
Why This Matters for Security Teams
Collaboration phishing succeeds because modern messaging platforms are designed to trust delivery first and inspect content second. A message from an allowed tenant, a compromised account, or a familiar internal channel can pass policy checks even when the payload is malicious. That makes these attacks materially different from classic email phishing, where gateway controls and domain reputation often do more of the work.
Security teams also underestimate how quickly attackers weaponise legitimate collaboration paths. NHIMG’s The State of Secrets Sprawl 2025 found that 38% of secrets incidents in collaboration and project management tools like Slack, Jira, and Confluence are classified as highly critical or urgent, which shows how often “trusted workspace” becomes the initial access layer. The problem is not simply spam filtering. It is identity abuse, tenant trust, and human expectation being used against the organisation.
Threat reporting from CISA cyber threat advisories and NHIMG’s 52 NHI Breaches Analysis both reinforce the same point: once an attacker is inside a legitimate collaboration context, normal perimeter controls lose much of their value. In practice, many security teams encounter the compromise only after a user has already trusted the message and followed the attacker’s next-step instructions.
How It Works in Practice
These attacks succeed by exploiting the gap between authenticated transport and trustworthy intent. In Microsoft Teams, Slack, and similar tools, the platform may correctly confirm that a sender exists, that a tenant is allowed, or that a message arrived through an approved channel. None of that proves the content is safe. A compromised account can still send convincing lures, and a malicious external tenant can often initiate a conversation that looks routine to the recipient.
Defending against this requires shifting from static trust assumptions to context-aware verification. The current guidance suggests combining identity controls, message hygiene, and behavioural detection rather than relying on any single gateway rule. Practical measures include:
- Hardening tenant-to-tenant communication and restricting external chat or federation where business need is weak.
- Requiring stronger authentication for high-risk actions that begin in collaboration tools, especially file access, link opening, and payment or credential requests.
- Using conditional access and device posture checks so a valid account on an unmanaged endpoint does not equal full trust.
- Monitoring for anomalous conversation patterns, rapid privilege changes, and unusual link or file-sharing behaviour.
- Treating collaboration channels as identity surfaces, not just productivity tools.
For deeper context on how attackers chain trust across identities and tools, NHIMG’s Ultimate Guide to NHIs — Key Challenges and Risks and the OWASP NHI Top 10 are useful references because they frame identity misuse as an operational problem, not just a message-filtering problem. This guidance tends to break down in heavily federated tenants with broad guest access because tenant trust is already permissive and attacker-controlled messaging can blend into normal cross-organisation workflows.
Common Variations and Edge Cases
Tighter collaboration controls often increase friction for legitimate business workflows, so teams must balance usability against reduced exposure. That tradeoff is especially visible in environments that depend on external partners, mergers, or distributed project teams, where over-restrictive controls can push users to shadow channels outside monitoring.
There is no universal standard for this yet, but best practice is evolving toward layered verification. Some organisations add warning banners or external-sender cues, though those measures are easy to ignore once users become habituated. Others focus on limiting the blast radius by separating executive, finance, and admin collaboration spaces from general-purpose chat. Where secrets are involved, the risk is higher still, because a single pasted token, API key, or certificate can convert a conversation compromise into downstream system access.
For teams that need a governance baseline, NHIMG’s Top 10 NHI Issues and the Ultimate Guide to NHIs — Standards help translate the issue into policy language, while MITRE ATLAS adversarial AI threat matrix is relevant where automated agents, assistants, or copilots can amplify the speed and scale of social engineering. Collaboration phishing becomes hardest to stop when users are allowed to act on trust alone and the platform does not require a second, higher-friction step before sensitive follow-on actions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Collab phishing often leads to secret theft and NHI misuse. |
| OWASP Agentic AI Top 10 | A2 | Trusted chat channels can trick agents into unsafe tool use. |
| CSA MAESTRO | TRUST-03 | Applies to trust decisions across enterprise collaboration surfaces. |
| NIST AI RMF | Addresses governance for harmful AI-enabled social engineering workflows. |
Reduce blast radius by rotating exposed secrets and enforcing short-lived credentials.
Related resources from NHI Mgmt Group
- How should security teams reduce phishing risk when attacks blend into normal work?
- How should security teams evaluate identity controls against AI-driven attacks?
- How do teams know whether their email security controls are keeping up with AI phishing?
- Why do JWT algorithm confusion attacks bypass normal authentication controls?
