Salesforce and Meta suffer phishing campaign that evades typical detection methods

The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors to craft targeted phishing emails, evading conventional detection methods by leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform. 83% of organizations face phishing attacks every year, and mass-market emails are the most … More →

The post …

0 day address campaign cybercrime cybersecurity detection email email phishing emails email security exploiting facebook guardio meta phishing phishing campaign phishing emails research salesforce sample servers services smtp team threat threat actors vulnerability zero-day zero-day vulnerability