0-day vulnerability in Salesforce: the company's customers were "hooked"

The bug allowed attackers to bypass email security controls and win users' trust.

Security company Guardio has uncovered a sophisticated phishing campaign built on a 0-day vulnerability in Salesforce's email services and SMTP servers.

The attackers used the flaw to send fraudulent emails that imitated genuine Salesforce messages. Because the mail really originated from Salesforce infrastructure, it slipped past standard detection methods and reached users.

The phishing emails looked authentic: they addressed the victim by real name, were sent from a genuine "@salesforce.com" address, and contained links to legitimate Facebook pages, so traditional spam and phishing filters let them through.

Phishing email sent from a genuine "@salesforce.com" address

The attackers abused Salesforce's "Email-To-Case" feature, which is designed to turn incoming customer emails into support cases. Through it they were able to receive the verification emails for a sender address and thereby gain control of a real "@salesforce.com" address for their phishing campaign.
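The defining property of these messages is that sender authentication is not the signal: the From address is genuinely @salesforce.com and the mail leaves Salesforce's own servers, so SPF, DKIM and DMARC all pass. What remains is the mismatch between the sender brand and where the call-to-action link actually goes. The following is an added example, not code from Guardio, Salesforce or the original post, of a mail-triage check that parses a message, reads the From domain, extracts every href from the body and flags links whose host is outside an allowlist of Salesforce domains. The sample message and the allowlist are constructed for the demo and are assumptions, not captured data.

```python
"""Flag mail that passes sender checks but carries off-brand links.

Added example, not code from Guardio or Salesforce. It models the
signal described above: a message whose From address really is
@salesforce.com (so SPF/DKIM/DMARC pass) but whose call-to-action
link leaves the Salesforce domain space. The sample message and the
trusted-domain list are constructed assumptions for the demo.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real capture from the campaign).
SAMPLE_EML = b"""From: "Salesforce Support" <support@salesforce.com>
To: alice@example.com
Subject: Alice, action is required on your account
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Alice,</p>
<p>Please <a href="https://apps.facebook.com/some-app/">review your case</a>.</p>
<p><a href="https://www.salesforce.com/">Salesforce</a></p>
</body></html>
"""

# Assumption: domains a genuine Salesforce notification may link to.
# A real deployment would tune this list per tenant.
TRUSTED_LINK_DOMAINS = ("salesforce.com", "force.com")
SENDER_DOMAIN_OF_INTEREST = "salesforce.com"

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def sender_domain(msg):
    """Return the lower-cased domain of the From address, or '' if absent."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def extract_links(msg):
    """Collect every href in the preferred (HTML, else plain) body part."""
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return []
    return HREF_RE.findall(body.get_content())


def host_is_trusted(host, trusted=TRUSTED_LINK_DOMAINS):
    """True if host equals, or is a subdomain of, a trusted domain."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(raw_bytes):
    """Return a dict describing why the message is or is not suspicious.

    The check deliberately ignores SPF/DKIM/DMARC results: mail sent
    through an abused Email-To-Case address is authentic at that layer,
    so the useful signal is the link target, not the sender domain.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    dom = sender_domain(msg)
    links = extract_links(msg)
    offsite = [u for u in links if not host_is_trusted(urlparse(u).hostname)]
    verdict = "suspicious" if dom == SENDER_DOMAIN_OF_INTEREST and offsite else "clean"
    return {"sender_domain": dom, "links": links,
            "offsite_links": offsite, "verdict": verdict}


if __name__ == "__main__":
    for key, value in classify(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The suffix match in host_is_trusted is anchored on a leading dot, so a lookalike such as salesforce.com.attacker.example does not pass as trusted. The check is intentionally narrow: it will not catch a phish whose link also stays on an allowlisted domain, and on its own it is a triage signal to route a message for review rather than a verdict.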

Guardio reported its findings to Salesforce and Meta, who set about fixing the problem. Salesforce has confirmed that the issue has been fixed and that there is currently no evidence customer data was affected.