- Check Point warns Salesforce tools are being used in phishing attacks
- The attacks are using Facebook image as a lure
- The goal of the campaign is to steal Facebook login credentials
Cybercriminals have been observed abusing a legitimate Salesforce service to attack people and businesses with Facebook-related phishing emails.
Researchers at Check Point warned about the ongoing campaign on its blog, describing how the criminals were using the automated mailing service that belongs to Salesforce as a marketing tool.
“In other words, they don’t breach any terms of service or the Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the sender ID. That way, the email is branded with the email address noreply [at] salesforce [dot] com.
Fakebook
The body of the phishing email is nothing extraordinary. It is the usual “your Facebook account is under review” threat, in which victims are warned about their account being suspended, unless they “verify” their details. The email shares a link to a fake Facebook support page, where sensitive information, such as passwords, get stolen.
The landing page comes with a poor attempt at a Facebook logo (it says ‘Faceloook’, where crooks apparently wanted to make letters ‘lo’ look like the letter ‘b’).
Check Point says more than 12,200 of these emails were sent so far, with “hundreds” targeting different businesses. The majority of the targets are in the EU (45.5%) and the US (45%), with the remaining 9.5% targeting Australia.
“Nonetheless, versions of the notifications have also been found in Chinese and Arabic, showing that the campaign targeted companies across geographic locales,” Check Point stressed.
Phishing continues to be one of the most popular attack vectors in 2025. It is cheap, scalable, and omnipresent, making it a great tool for cybercriminals. And with generative AI coming into the mix, phishing has turned into the ideal way to trick victims into sharing login credentials, or installing malware.
Leave a comment