Salesforce’s Email Services Exploited in Sophisticated Phishing Campaign
A recent phishing campaign was discovered by the Guardio research team, revealing a zero-day vulnerability in Salesforce's email services and SMTP servers. This allowed attackers to craft convincing phishing emails that bypassed traditional anti-spam and anti-phishing measures.
The flaw, known as "PhishForce," enabled attackers to bypass sender verification safeguards and send phishing emails through Salesforce's domain and infrastructure. These emails claimed to come from Meta but were actually sent from an "@salesforce.com" address; they aimed to deceive recipients into clicking a link by falsely claiming that their Facebook accounts were under investigation. The phishing kit was hosted as a game on the Facebook apps platform, making it difficult to detect. The attackers also configured an Email-to-Case inbound routing email address on the salesforce.com domain, allowing them to target Salesforce customers directly.
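The defining signal of these messages is the mismatch described above: a display name and subject that claim a brand (Meta/Facebook) while the actual sender address sits on an unrelated, legitimate domain (salesforce.com), so SPF/DKIM alone do not flag them. The following brand-impersonation check is an added example, not code from the original article or from Guardio, Salesforce or Meta; the brand-to-domain allow-list and the sample messages (including the salesforce.com address) are constructed for illustration.

```python
"""Flag emails whose claimed brand does not match the sender's domain."""
import email
from email import policy
from email.utils import parseaddr

# Constructed allow-list of domains each brand legitimately sends from
# (assumption; a real deployment would maintain this list centrally).
BRAND_DOMAINS = {
    "meta": {"facebookmail.com", "meta.com", "facebook.com"},
    "facebook": {"facebookmail.com", "meta.com", "facebook.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _belongs(domain, allowed):
    """True if domain equals or is a subdomain of any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def claimed_brands(text):
    """Brands named in the display name / subject text (case-insensitive)."""
    lowered = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in lowered}

def is_brand_mismatch(raw_message):
    """True when the message names a brand but is sent from none of its domains."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_header = str(msg.get("From", ""))
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    brands = claimed_brands(display_name + " " + str(msg.get("Subject", "")))
    if not brands or not domain:
        return False  # no brand claim or unparsable sender: nothing to compare
    return all(not _belongs(domain, BRAND_DOMAINS[b]) for b in brands)

# Constructed samples mirroring the campaign shape (addresses are not real IoCs).
SAMPLE_PHISH = """\
From: Meta Support <case.noreply@salesforce.com>
To: victim@example.com
Subject: Your Facebook account is under investigation

Click the link to review your case.
"""
SAMPLE_LEGIT = """\
From: Facebook <security@facebookmail.com>
To: victim@example.com
Subject: New login to Facebook

A new device signed in to your account.
"""
```

Run as a mail-gateway or SIEM enrichment step, a hit here warrants quarantining the message even when authentication results pass.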
The phishing campaign attempted to trick users into visiting a fake Facebook page to steal their login credentials and two-factor authentication details. Salesforce and Meta promptly addressed the issue and provided a fix, but the researchers express concern over the increasing sophistication of phishing attacks that chain legitimate services together to evade detection. Guardio Labs disclosed these findings and collaborated with Salesforce and Meta to close the vulnerabilities.
The prevalence of phishing attacks and scams remains high, with threat actors abusing seemingly legitimate services for malicious activity. Service providers must take proactive measures to strengthen sender verification and promptly identify any misuse of their mail gateways. It is crucial to stay vigilant and continue developing strategies to counter the evolving tactics of phishing attacks.