- Check Point warns Salesforce tools are being used in phishing attacks
- The attacks are using Facebook image as a lure
- The goal of the campaign is to steal Facebook login credentials
Cybercriminals have been observed abusing a legitimate Salesforce service to attack people and businesses with Facebook-related phishing emails.
Researchers at Check Point warned about the ongoing campaign on its blog, describing how the criminals were using the automated mailing service that belongs to Salesforce as a marketing tool.
“In other words, they don’t breach any terms of service or the Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the sender ID. That way, the email is branded with the email address noreply [at] salesforce [dot] com.
Fakebook
The body of the phishing email is nothing extraordinary. It is the usual “your Facebook account is under review” threat, in which victims are warned about their account being suspended, unless they “verify” their details. The email shares a link to a fake Facebook support page, where sensitive information, such as passwords, get stolen.
The landing page comes with a poor attempt at a Facebook logo (it says ‘Faceloook’, where crooks apparently wanted to make letters ‘lo’ look like the letter ‘b’).
Check Point says more than 12,200 of these emails were sent so far, with “hundreds” targeting different businesses. The majority of the targets are in the EU (45.5%) and the US (45%), with the remaining 9.5% targeting Australia.
“Nonetheless, versions of the notifications have also been found in Chinese and Arabic, showing that the campaign targeted companies across geographic locales,” Check Point stressed.
Phishing continues to be one of the most popular attack vectors in 2025. It is cheap, scalable, and omnipresent, making it a great tool for cybercriminals. And with generative AI coming into the mix, phishing has turned into the ideal way to trick victims into sharing login credentials, or installing malware.
You might also like
- Facebook Marketplace accounts leaked online — thousands of users possibly affected, so secure your account now
- We’ve rounded up the best password managers
- Take a look at our guide to the best authenticator app
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Dodgy Android smartphones are being preloaded with Triada malware
Do I really need antivirus for Windows 11?
Samsung is being weirdly cagey about supporting Netflix’s big HDR upgrade that’s basically custom-made for its TVs
-
1Samsung is being weirdly cagey about supporting Netflix’s big HDR upgrade that’s basically custom-made for its TVs
-
2VistaPrint photo book review: quick, easy, and flexible editing – but lacking absolute precision
-
3JetKVM is a tiny, $69 open source KVM over IP device for remote control of any computer system
-
4Sony’s new soundbars have a genuinely great party music mode that I wish Sonos would steal
-
5The Nintendo Switch 2 will feature DLSS and ray tracing, but we don’t know which games support it
