Salesforce email compromised for phishing attacks

Now patched against "Phishforce".

Salesforce has patched a vulnerability in its email services that researchers discovered was being exploited in targeted phishing attacks against “high-value” Facebook accounts.

According to Guardio Labs, the attackers found a zero-day in Salesforce that allowed them to send phishing emails using Salesforce’s “domain and infrastructure”.

That gave the attackers a trusted domain as the origin of their messages.

“This gives bad actors not only volume but also access to the reputation of those gateways, usually getting their IPs and domains whitelisted in an organisation or even network-wide”, Guardio wrote in a blog post.

The bug, dubbed “PhishForce” by the researchers, existed in Salesforce’s “email-to-case” feature, in which a user can set up an automatic process to create new case tickets based on incoming customer emails.

The attackers set up an email-to-case flow to get control of a Salesforce-generated email address, and then created an inbound email address on salesforce.com.

Setting that email address as an 'organisation-wide' address let it be used for outbound emails.

In emails gathered by Guardio, phishing messages looked like they came from Meta Platforms via the case.salesforce.com domain.

The messages advised recipients of an account compromise, and offered a link to a “support” page which harvested user credentials.
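One check a mail-security team can run on the pattern described above (a display name claiming a well-known brand while the address sits on an unrelated, trusted relay domain such as a Salesforce case address). This is an added example, not Guardio's or Salesforce's code; the brand-to-domain table and the sample message are constructed for illustration.

```python
"""Flag mail whose From display name claims a brand that the sender
domain does not belong to. Added example; brand table and sample are
constructed, not taken from the report."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Hypothetical table of brands and the domains they legitimately send
# from (constructed for this example; real deployments maintain their own).
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebookmail.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
}


def sender_parts(raw: bytes):
    """Return (display_name, address_domain) parsed from the From header."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def impersonated_brand(display_name: str, domain: str):
    """Return the brand named in the display name when the sending domain
    is not one of that brand's legitimate domains (or a subdomain of one);
    return None when the pair is consistent."""
    text = display_name.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            return brand
    return None


def check_message(raw: bytes):
    """Convenience wrapper: brand mismatch for a raw RFC 5322 message, or None."""
    name, domain = sender_parts(raw)
    return impersonated_brand(name, domain)


# Constructed sample modelled on the report's description: the display
# name claims Meta, the address is on a Salesforce case-handling domain.
SAMPLE = b"""From: Meta Platforms <noreply@case.salesforce.com>
To: user@example.com
Subject: Your account has been reported

(body omitted)
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))  # -> "meta"
```

The check is a triage signal rather than a verdict: pair it with the relay's own authentication results, since mail through such gateways will often pass SPF and DKIM for the relay domain.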

The fake support page abused apps.facebook.com, using supposedly-deprecated features.

Guardio said it contacted Meta, which said it is investigating “why our detections and mitigations for these sorts of attacks didn’t work”.

Guardio disclosed its findings to Salesforce on June 28, and a fix was deployed to all Salesforce services and instances on July 28.

Copyright © iTnews.com.au . All rights reserved.