Salesforce Email Hack Used to Bait Facebook Phishing Trap

Emails sent from seemingly genuine "@salesforce.com" accounts targeted Facebook users in high-profile phishing campaign.

Salesforce, the software company behind one of the best CRMs for sales, has released out a patch for its email services after security researchers discovered a zero-day vulnerability that allowed hackers to target Facebook users with a convincing phishing scam.

The actively exploited bug was discovered by the team at Guardio Labs and has been dubbed “PhishForce”. It made use of a flaw in Salesforce's “email-to-case” feature – which lets users automate the creation of tickets for customer queries – to send outbound emails purporting to be from Meta Platforms via the official “@case.salesforce.com” domain.

Not only did these emails look genuine to the recipients, but they evaded Facebook's built-in phishing detection defenses as well, once again highlighting how even the most robust antivirus software and related solutions can be duped by gaps in the security architecture of popular products.

How the Salesforce Phishing Attack Worked

The phony phishing emails were titled “Breach of Content Standards” and claimed to advise recipients of an account compromise and impending suspension due to “suspicions of impersonation” on their social media account. Which of course is wildly ironic and proof that hackers are nothing if not a humorous bunch.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.See deal button

In order to avoid the “suspension”, users were directed to a fake “support” page, at which point they were asked to input sensitive information. While the Guardio Labs report makes clear the campaign is known to have operated successfully, it's not clear how many people actually fell victim to it.

Adding a further air of authenticity to the ruse, the emails were addressed to the target's real name, which also helped the messages bypass Facebook's anti-spam and anti-phishing filters.

Photo of Salesforce email used in Facebook phishing campaign

Image credit: Guardio Labs

Salesforce Dreaming Big Despite Layoffs

Guardio Labs also notes that Salesforce acted quickly to address the vulnerability: it was reported to the company on July 28th and a patch was released the same day. The security researchers also say they advised Facebook owner Meta of the hole in its systems, which seemed to be related to legacy features on “apps.facebook.com.”

News of the security flaw comes as Salesforce enters an important couple of months as a company and as a brand. Specifically, the popular CRM maker is in the midst of a number of new launches ahead of its annual Dreamforce 2023 conference in September. These include the suite of new AI features being brought to its core products, while subsidiary Slack has also just unveiled a sales-specific edition as it looks to diversify its offering.

At the same time, Salesforce pricing is increasing for the first time in a number of years and the company hasn't found itself immune to the wave of tech layoffs sweeping the industry, either. For its part, Meta finds itself in  the eye of the social media storm as ever, launching its new app Threads as an alternative to Twitter (now X).

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
James Laird is a technology journalist with 10+ years experience working on some of the world's biggest websites. These include TechRadar, Trusted Reviews, Lifehacker, Gizmodo and The Sun, as well as industry-specific titles such as ITProPortal. His particular areas of interest and expertise are cyber security, VPNs and general hardware.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals