- Check Point warns that Salesforce tools are being used in phishing attacks
- The attacks are using the Facebook image as lure
- The target of the campaign is to steal Facebook login credentials
Cybercriminals have been observed abusing a legitimate service of Salesforce to attack people and companies with electronic phishing emails related to Facebook.
Check Point researchers warned about the current campaign in their blog, describing how criminals were using the automated mail service that belongs to Salesforce as a marketing tool.
“In other words, they do not violate any terms of service or Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the identification of the sender. That way, email is marked with the NOREPLY email address [at] Salesforce [dot] com
False book
Phishing’s email body is nothing extraordinary. It is the usual threat of “your Facebook account is under review”, which warns the victims about their suspended account, unless they “verify” their data. Email shares a link to a false Facebook support page, where confidential information, such as passwords, steal.
The destination page comes with a bad attempt in a Facebook logo (says ‘Faceloook’, where criminals apparently wanted to make the letters ” look like the letter ‘B’).
Check Point says that until now more than 12,200 of these emails were sent, with “hundreds” aimed at different businesses. Most of the objectives are in the EU (45.5%) and the USA (45%), with the remaining 9.5%addressed to Australia.
“However, the versions of the notifications have also been found in Chinese and Arabic, which shows that the campaign directed companies in geographical places,” said Check Point.
Phishing remains one of the most popular attack vectors in 2025. It is cheap, scalable and omnipresent, which makes it a great tool for cybercriminals. And with the generative AI entering the mixture, Phishing has become the ideal way of deceiving the victims to share login credentials or installing malware.
