Salesforce and Meta suffer phishing campaign that evades typical detection methods

The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors to craft targeted phishing emails, evading conventional detection methods by leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform. 83% of organizations face phishing attacks every year, and mass-market emails are the most … More →

The post Salesforce and Meta suffer phishing campaign that evades typical detection methods appeared first on Help Net Security.