Salesforce Zero day exploit

Zero-day exploitation of Salesforce Email Services


A sophisticated phishing campaign targeting Facebook users has been spotted, exploiting a previously unknown flaw in Salesforce’s email services. The flaw lets attackers send targeted phishing messages from the company’s own domain and infrastructure.

Source: Abusing Mass mailing services to send malicious emails to the masses

The phishing emails pretend to be from Meta but are sent from an email address with a @salesforce.com domain. They try to trick recipients into clicking a link by claiming their Facebook accounts are under investigation for impersonation.

How do they do it?

  • The attackers aim to lead victims to a deceptive landing page to steal their account credentials and two-factor authentication codes.

  • This attack is unique because the phishing kit is hosted as a game on the Facebook apps platform under the domain apps.facebook[.]com.

  • This clever approach makes it challenging for traditional anti-spam and anti-phishing systems to detect the attack, since the emails contain legitimate links to facebook.com and come from a genuine email address associated with @salesforce.com.

To bypass the validation steps that apply when sending email from salesforce.com, the attackers set up an Email-to-Case inbound routing email address under the salesforce.com domain. This lets them verify a salesforce.com email address as their own: the request to add the attacker-controlled address includes a verification link, and they simply click it.
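Because the sender address and the links are both genuine, a filter has to compare what the message claims to be with where it actually comes from. The sketch below is an added example, not code from Salesforce, Meta or the original researchers; the brand allow-list, function name and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allow-list of domains each brand really sends from.
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebookmail.com"},
    "facebook": {"meta.com", "facebookmail.com"},
}
# Host named in the article: third-party apps served under a trusted parent domain.
USER_CONTENT_HOSTS = {"apps.facebook.com"}

def assess(raw: str) -> list[str]:
    """Return findings for one single-part message; an empty list means no signal."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{name} {msg.get('Subject', '')}".lower()
    findings = []
    # Signal 1: display name or subject invokes a brand the sending domain is not part of.
    for brand, domains in sorted(BRAND_DOMAINS.items()):
        if not re.search(rf"\b{re.escape(brand)}\b", claimed):
            continue
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"brand-mismatch:{brand}:{domain}")
    # Signal 2: link to a host where third parties can publish content.
    body = msg.get_payload() if not msg.is_multipart() else ""
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    findings += [f"user-content-host:{h}" for h in sorted(hosts & USER_CONTENT_HOSTS)]
    return findings

# Constructed samples. SPF and DKIM pass in both, so they cannot decide the verdict.
PHISH_SAMPLE = """\
From: "Meta Support" <noreply@salesforce.com>
Subject: Your Facebook account is under investigation
Authentication-Results: mx.example.com; spf=pass; dkim=pass

Your account is being investigated for impersonation.
Review the case: https://apps.facebook.com/constructed-example
"""
BENIGN_SAMPLE = """\
From: "Facebook" <notification@facebookmail.com>
Subject: You have a new Facebook notification
Authentication-Results: mx.example.com; spf=pass; dkim=pass

See it here: https://www.facebook.com/notifications
"""

if __name__ == "__main__":
    print(assess(PHISH_SAMPLE))
    print(assess(BENIGN_SAMPLE))
```

Either signal alone is weak; together they describe the pattern in this campaign, where authentication passes but the claimed brand and the sending domain disagree.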

Did Salesforce do something?

Following responsible disclosure, Salesforce fixed the zero-day flaw on July 28, 2023, preventing the use of @salesforce.com email addresses for such attacks.

This incident highlights how phishing attacks continue to abuse seemingly legitimate services such as CRMs, marketing platforms, and cloud-based workspaces to carry out malicious activities. Cofense has also warned of increased phishing activity using Google Accelerated Mobile Pages URLs to bypass security checks and steal credentials.

Concluding remarks

Threat actors are abusing trusted services for phishing attacks. With incidents increasing, you need to be vigilant about what you click. Trust your instincts too, but keep security checks tight and up to date.

Author: PureVPN

Date: August 4, 2023
