Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure.
What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.
While sending out emails using a salesforce.com address entails a validation step, Guardio Labs said the scheme cleverly gets around these protective measures by configuring an Email-to-Case inbound routing email address that uses the salesforce.com domain and setting it up as the organization-wide email address.
"This triggers the verification flow that sends the email to this routing address, ending up as a new task in our system," the researchers said, adding it leads to a scenario where a salesforce.com email address can be verified simply by clicking on the link accompanying the request to add the actor-controlled address.
"From here you just go on and create any kind of phishing scheme, even targeting Salesforce customers directly with these kinds of emails. And the above will end up in the victim's inbox, bypassing anti-spam and anti-phishing mechanisms, and even marked as Important by Google."
"The prevalence of phishing attacks and scams remains high, with bad actors continuously testing the limits of email distribution infrastructure and existing security measures," the researchers said.
News URL
https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html