A new Facebook phishing campaign looks to trick you with emails sent from Salesforce

unblock facebook with vpn
Så avblockerar du Facebook med en VPN

  • Check Point warns Salesforce tools are being used in phishing attacks
  • The attacks are using Facebook image as a lure
  • The goal of the campaign is to steal Facebook login credentials

Cybercriminals have been observed abusing a legitimate Salesforce service to attack people and businesses with Facebook-related phishing emails.

Researchers at Check Point warned about the ongoing campaign on its blog, describing how the criminals were using the automated mailing service that belongs to Salesforce as a marketing tool.

“In other words, they don’t breach any terms of service or the Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the sender ID. That way, the email is branded with the email address noreply [at] salesforce [dot] com.

Fakebook

The body of the phishing email is nothing extraordinary. It is the usual “your Facebook account is under review” threat, in which victims are warned about their account being suspended, unless they “verify” their details. The email shares a link to a fake Facebook support page, where sensitive information, such as passwords, get stolen.

The landing page comes with a poor attempt at a Facebook logo (it says ‘Faceloook’, where crooks apparently wanted to make letters ‘lo’ look like the letter ‘b’).

Check Point says more than 12,200 of these emails were sent so far, with “hundreds” targeting different businesses. The majority of the targets are in the EU (45.5%) and the US (45%), with the remaining 9.5% targeting Australia.

“Nonetheless, versions of the notifications have also been found in Chinese and Arabic, showing that the campaign targeted companies across geographic locales,” Check Point stressed.

Phishing continues to be one of the most popular attack vectors in 2025. It is cheap, scalable, and omnipresent, making it a great tool for cybercriminals. And with generative AI coming into the mix, phishing has turned into the ideal way to trick victims into sharing login credentials, or installing malware.

You might also like

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Latest in News
A image of Saros character Arjun
Housemarque’s boss is surprisingly positive about Sony’s acquisition – and it’s good news for Saros
Oura Ring 4
One of Apple's top health execs is ditching the company for Oura, and I've never been more convinced smart rings are the future
Nvidia logo
Nvidia RTX 5060 Ti could be delayed to mid-April and RTX 5060 to mid-May – is AMD starting to look like a clear winner in the battle of Blackwell vs RDNA 4 GPUs?
The A Minecraft Movie Meal from McDonald's.
McDonald's reveals A Minecraft Movie meal with a bizarre set of collectibles and the most sinister sounding sauce ever
Apple iPhone 16e REVIEW
The iPhone 16e’s 5G performance seemingly has the iPhone 16’s beat
Assassin's Creed Shadows
I was already sold on Assassin's Creed Shadows on PS5 Pro, but now the devs are teasing that the game will soon get a boost from PSSR