Since late June, the platform’s file storage domain – slack-files.com – appeared to pop up with far more regularity on the Phish Alert Button, leading KnowBe4 researchers to surmise that Slack users using the referral URL domain, slack-redir.net, are being duped with malicious payloads, raising concerns.
https://www.scmagazine.com/home/security-news/phishing/slack-users-unwittingly-phished-with-malicious-payloads/