Salesforce fixes vulnerability exploited in targeted phishing attacks on Facebook accounts

Attackers used a zero-day exploit in Salesforce that allowed them to send phishing emails using Salesforce’s “domain and infrastructure”.
10 August 2023

Salesforce has fixed a vulnerability in its email services that was being exploited in targeted phishing attacks against high-profile Facebook accounts. 

Researchers at Guardio Labs discovered a zero-day flaw in Salesforce, which allowed the attackers to send phishing emails using Salesforce's own domain and infrastructure. This gave the attackers the ability to appear as though their messages originated from a trusted source.

The bug, named "PhishForce" by the researchers, was found in Salesforce's "email-to-case" feature, which allows users to automatically create new case tickets based on customer emails.

In the phishing emails collected by Guardio, the messages appeared to come from Meta Platforms through the case.salesforce.com domain.
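The pattern described above, a message that claims a well-known brand in its display name or subject while actually being sent from a shared SaaS mail domain, is something a mail gateway or SOC triage script can flag even when SPF and DKIM pass for the relaying platform. The following Python is an added example written for this article; it is not code from Guardio, Salesforce or Meta. Only the domain case.salesforce.com comes from the article; the brand list, the brand-owned sender domains, the function names (`triage`, `sender_domain`, `brands_mentioned`) and the three sample messages are constructed for illustration.

```python
"""Heuristic triage for brand-impersonation mail relayed through a third party's
mail infrastructure (added example, not the article's or any vendor's code)."""
from email import message_from_string
from email.utils import parseaddr

# Brands worth watching, mapped to the domains their real mail comes from.
# These domain lists are assumptions for the example, not authoritative data.
BRAND_DOMAINS = {
    "meta": {"facebookmail.com", "meta.com"},
    "facebook": {"facebookmail.com", "meta.com"},
}

# Shared SaaS mail domains that many tenants can legitimately send from.
# Mail from them passes SPF/DKIM for the platform, not for the brand it names.
# case.salesforce.com is the domain named in the article; the set is otherwise assumed.
SHARED_SENDER_DOMAINS = {"case.salesforce.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header, or '' if absent."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brands_mentioned(*fields: str) -> set:
    """Return the set of watched brand names appearing in the given header fields."""
    text = " ".join(f.lower() for f in fields)
    return {b for b in BRAND_DOMAINS if b in text}


def triage(raw_message: str) -> dict:
    """Classify one raw RFC 5322 message.

    verdict is one of:
      'brand-mismatch' - a watched brand is named, but the mail came from a domain
                         that brand does not send from (the pattern in the article
                         when that domain is a shared SaaS relay)
      'shared-relay'   - mail came from a shared SaaS domain with no brand claim
      'ok'             - nothing suspicious under these heuristics
    """
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    brands = brands_mentioned(display_name, msg.get("Subject", ""))

    impersonated = {b for b in brands if domain not in BRAND_DOMAINS[b]}
    if impersonated:
        verdict = "brand-mismatch"
    elif domain in SHARED_SENDER_DOMAINS:
        verdict = "shared-relay"
    else:
        verdict = "ok"
    return {
        "verdict": verdict,
        "sender_domain": domain,
        "brands_claimed": sorted(brands),
        "via_shared_relay": domain in SHARED_SENDER_DOMAINS,
    }


# Constructed sample messages; every address and header value here is made up.
PHISH = """\
From: "Meta Platforms Support" <support@case.salesforce.com>
To: victim@example.invalid
Subject: Your Facebook page is under review
Authentication-Results: mx.example.invalid; spf=pass; dkim=pass

Action required.
"""

LEGIT_CASE_MAIL = """\
From: "Acme Helpdesk" <helpdesk@case.salesforce.com>
To: customer@example.invalid
Subject: Case 00001234 updated

We have updated your ticket.
"""

LEGIT_BRAND_MAIL = """\
From: "Facebook" <notification@facebookmail.com>
To: user@example.invalid
Subject: New login to your Facebook account

Details follow.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT_CASE_MAIL", LEGIT_CASE_MAIL),
                      ("LEGIT_BRAND_MAIL", LEGIT_BRAND_MAIL)):
        print(name, triage(raw))
```

The point of the `shared-relay` verdict is that the relay domain alone is not evidence of phishing: legitimate support tickets come from the same domain, which is exactly why authentication checks pass for the malicious mail too. Only the combination of a brand claim and a sender domain that brand does not own is worth escalating.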

Guardio has informed Meta of the issue, and the company is currently investigating why its detection and mitigation controls did not catch this type of attack.

- CyberBeat

 
