Cybercriminals Exploit Salesforce to Launch Phishing Attacks on Facebook Users
Security researchers at Check Point have identified a phishing campaign that exploits a legitimate Salesforce service to target Facebook users and businesses. This scheme leverages Salesforce’s automated email system to send fraudulent messages disguised as official Facebook notifications.
How the Attack Works
Instead of breaching Salesforce’s security systems or violating its terms, attackers manipulate the platform’s email service to send deceptive messages from the [email protected] address. This allows phishing emails to bypass security filters and appear authentic, increasing the likelihood of victims falling for the scam.
The fraudulent emails claim that the recipient’s Facebook account is under review and faces potential suspension unless they verify their credentials. Clicking the embedded link directs users to a fake Facebook support page, where attackers harvest login details.
Despite the realistic-looking email, the phishing website contains noticeable flaws. The Facebook logo is poorly replicated, with “Facebook” misspelled as “Faceloook”—an attempt to mimic the letter “b” using “lo.”
Scope of the Attack
Check Point’s research indicates that over 12,200 phishing emails have been distributed, with victims primarily located in:
- Europe (45.5%)
- United States (45%)
- Australia (9.5%)
Additionally, emails in Chinese and Arabic confirm that the attack is targeting businesses and individuals across multiple regions.
The Growing Threat of Phishing
Phishing remains one of the most effective cyberattack methods in 2025 due to its low cost, scalability, and high success rate. The emergence of generative AI has made phishing attempts more convincing, enabling attackers to impersonate brands, craft realistic messages, and execute large-scale attacks with ease.
How to Protect Yourself
To safeguard against phishing scams:
- Verify the sender’s email—Legitimate Facebook emails won’t originate from external services like Salesforce.
- Look for branding inconsistencies—Errors like “Faceloook” indicate fraud.
- Avoid clicking on suspicious links—Always visit websites directly through a trusted browser.
- Enable Two-Factor Authentication (2FA)—This adds an extra security layer, preventing unauthorized logins even if credentials are compromised.
- Report phishing emails—Inform your IT security team or email provider if you receive a suspicious message.
As cybercriminals develop more sophisticated techniques, staying vigilant and informed is crucial to avoiding these threats.
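The two checks the article recommends for the scheme described above (a sender that claims to be Facebook but mails from a third-party service, and a lookalike brand name such as "Faceloook") can be automated at the mail gateway. The script below is an added example written for this article, not Check Point's tooling or anything from the campaign; the two messages, the allowlist of Facebook sending domains and the `salesforce.example` sender address are constructed for the demo (the article redacts the real Salesforce address).

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist for the demo: domains a brand legitimately sends mail from.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
}

# Letter-shape substitutions used by lookalike names; "lo" standing in for "b"
# is the "Faceloook" trick described in the article.
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("lo", "b"), ("0", "o"), ("1", "l"), ("3", "e")]

# Constructed sample messages (not real campaign mail).
SAMPLE_PHISH = '''From: "Facebook Support" <noreply@salesforce.example>
To: victim@example.org
Subject: Your Facebook account is under review
Content-Type: text/plain; charset="utf-8"

Your page faces suspension. Verify your account here:
https://faceloook-support.example/verify
'''

SAMPLE_LEGIT = '''From: "Facebook" <security@facebookmail.com>
To: user@example.org
Subject: New login to your account
Content-Type: text/plain; charset="utf-8"

Review this login at https://www.facebook.com/settings
'''


def normalize_lookalike(label):
    """Undo common letter-shape substitutions so 'faceloook' becomes 'facebook'."""
    label = label.lower()
    for fake, real in SUBSTITUTIONS:
        label = label.replace(fake, real)
    return label


def levenshtein(a, b):
    """Edit distance, used to catch near-misses the substitution table misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(label, brand):
    """True when a hostname label imitates the brand name without being it."""
    label = label.lower()
    if label == brand:
        return False
    return normalize_lookalike(label) == brand or levenshtein(label, brand) <= 2


def hostname_labels(hostname):
    """Split a hostname on dots and hyphens: 'faceloook-support.example' -> 3 labels."""
    return [part for part in re.split(r"[.-]", hostname.lower()) if part]


def analyze_message(raw):
    """Return a list of findings for one RFC 5322 message; empty means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Check 1: display name names a brand, but the envelope sender is not that brand's domain.
    display_name, address = parseaddr(str(msg["From"] or ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display_name.lower() and sender_domain not in allowed:
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    # Check 2: any link in the body whose hostname carries a lookalike of the brand.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        for label in hostname_labels(host):
            for brand in BRAND_DOMAINS:
                if looks_like_brand(label, brand):
                    findings.append(f"link to lookalike host {host} (label '{label}' imitates {brand})")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze_message(raw) or "no findings")
```

The first check is the point of the campaign: mail that passes SPF and DKIM for salesforce.example is still impersonation when the display name says Facebook, so authentication results alone are not enough and the sender domain must be compared against the brand's known sending domains. The substitution table is deliberately small; extend it with the lookalikes seen in your own mail flow.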