A new Facebook phishing campaign looks to trick you with emails sent from Salesforce

Check Point warns Salesforce tools are being used in phishing attacks
The attacks are using Facebook image as a lure
The goal of the campaign is to steal Facebook login credentials

Cybercriminals have been observed abusing a legitimate Salesforce service to attack people and businesses with Facebook-related phishing emails.

Researchers at Check Point warned about the ongoing campaign on its blog, describing how the criminals were using the automated mailing service that belongs to Salesforce as a marketing tool.

“In other words, they don’t breach any terms of service or the Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the sender ID. That way, the email is branded with the email address noreply [at] salesforce [dot] com.

Fakebook

The body of the phishing email is nothing extraordinary. It is the usual “your Facebook account is under review” threat, in which victims are warned about their account being suspended, unless they “verify” their details. The email shares a link to a fake Facebook support page, where sensitive information, such as passwords, get stolen.

The landing page comes with a poor attempt at a Facebook logo (it says ‘Faceloook’, where crooks apparently wanted to make letters ‘lo’ look like the letter ‘b’).

Check Point says more than 12,200 of these emails were sent so far, with “hundreds” targeting different businesses. The majority of the targets are in the EU (45.5%) and the US (45%), with the remaining 9.5% targeting Australia.

“Nonetheless, versions of the notifications have also been found in Chinese and Arabic, showing that the campaign targeted companies across geographic locales,” Check Point stressed.

Phishing continues to be one of the most popular attack vectors in 2025. It is cheap, scalable, and omnipresent, making it a great tool for cybercriminals. And with generative AI coming into the mix, phishing has turned into the ideal way to trick victims into sharing login credentials, or installing malware.

https://cdn.mos.cms.futurecdn.net/ePXtB9PYNS5kdcXz2nzNan-1200-80.jpg

Source link

Free ChatGPT users can finally stop re-explaining themselves in every session

Apple TV 4K is still your best bet for streaming privacy for one key reason, report claims

Hackers are hijacking your typos to plant stealthy malware – and even the best antivirus might not catch it

iOS 19: the 5 upgrades I’m really hoping for at WWDC 2025

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Ganga Bath Fittings IPO opens today: Check GMP, price band and other details

Sight sciences director Encrantz buys $376,429 in stock

Dollar edges down as trade tensions simmer ahead of jobs data

Vanguard new ex-China ETF followed push from Missouri Republicans

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce

Ganga Bath Fittings IPO opens today: Check GMP, price band and other details

Sight sciences director Encrantz buys $376,429 in stock

Dollar edges down as trade tensions simmer ahead of jobs data

Vanguard new ex-China ETF followed push from Missouri Republicans