Have you seen this in slack?
“A webhook is a feature that allows third-party apps to send messages to a specific Slack channel via a unique URL. Anyone can send a message to the Slack channel if they know this URL, so it’s important that the URL be kept secret. If an attacker discovers a leaked webhook URL, they can craft a phishing message and send it directly into a Slack workspace to trick a user into installing a malicious app. This app can then exfiltrate data from the targeted workspace.”