Salesforce’s Email Services Exploited in Sophisticated Phishing Campaign

A recent phishing campaign was discovered by the Guardio research team [6], revealing a zero-day vulnerability in Salesforce’s email services and SMTP servers [3] [6]. This allowed hackers to create convincing phishing emails that bypassed traditional anti-spam and anti-phishing measures [6].

Description

The flaw, known as “PhishForce” [3], enabled attackers to exploit sender verification safeguards and send phishing emails through Salesforce’s domain and infrastructure [3]. These emails claimed to be from Meta but were actually sent from an “@salesforce.com” domain, and aimed to deceive recipients into clicking on a link by falsely stating that their Facebook accounts were under investigation [1] [2] [4]. The phishing kit was hosted as a game on the Facebook apps platform [1] [2] [4], making it difficult to detect [1] [2] [4] [6]. The attackers also configured an Email-to-Case inbound routing email address using the salesforce.com domain [1] [2] [4], allowing them to directly target Salesforce customers.
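A mail-gateway check for the pattern described above, where a message names one brand in its display name but is sent from, and authenticates as, another organization's domain. This is an added example, not code from Guardio, Salesforce or Meta; the brand-to-domain map, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand-to-domain map maintained by the defender (illustrative).
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebook.com", "facebookmail.com"},
    "facebook": {"meta.com", "facebook.com", "facebookmail.com"},
}

def registrable(domain):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_passed(msg):
    # Authentication-Results (RFC 8601) as stamped by the receiving MTA.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dkim=pass" in results

def triage(raw):
    """Return (verdict, brand, sender_domain) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = registrable(addr.rpartition("@")[2])
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", display.lower()) and domain not in domains:
            # Passing SPF/DKIM only proves the mail came from `domain`,
            # not that `domain` speaks for the brand in the display name.
            verdict = "brand-mismatch-auth-pass" if auth_passed(msg) else "brand-mismatch"
            return (verdict, brand, domain)
    return ("ok", None, domain)

# Constructed sample messages (not taken from the campaign).
PHISH = (
    'From: "Meta Platforms" <noreply@salesforce.com>\n'
    "To: user@example.com\n"
    "Subject: Your account is under investigation\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=salesforce.com;"
    " dkim=pass header.d=salesforce.com\n\nbody\n"
)
LEGIT = (
    'From: "Facebook" <security@facebookmail.com>\n'
    "To: user@example.com\n"
    "Subject: Login alert\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

The "brand-mismatch-auth-pass" verdict is the case worth alerting on: the message clears SPF and DKIM for the sending domain, so a filter that trusts authentication results alone would deliver it.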

The phishing campaigns attempted to trick users into visiting a fake Facebook page to steal their login information and two-factor authentication details [5]. Salesforce and Meta promptly addressed the issue and provided a fix [5], but the researchers expressed concern over the increasing sophistication of phishing attacks that combine legitimate services to evade detection [5]. Guardio Labs disclosed these findings and collaborated with Salesforce and Meta to close the vulnerabilities [5].

Conclusion

The prevalence of phishing attacks and scams remains high [5], with threat actors exploiting seemingly legitimate services for malicious activities [5]. Service providers must take proactive measures to enhance verification processes and promptly identify any misuse of mail gateways [5]. It is crucial to stay vigilant and continue developing strategies to combat the evolving tactics of phishing attacks.

References

[1] https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html
[2] https://www.redpacketsecurity.com/phishers-exploit-salesforce-s-email-services-zero-day-in-targeted-facebook-campaign/
[3] https://www.vumetric.com/cybersecurity-news/hackers-exploited-salesforce-zero-day-in-facebook-phishing-attack
[4] https://vulners.com/thn/THN:3CF99BC4FE655CB61FE73F997259F9B0
[5] https://www.webpronews.com/bad-actors-exploited-a-salesforce-zero-day-flaw-in-phishing-campaign/
[6] https://www.helpnetsecurity.com/2023/08/02/salesforce-phishing-campaign/