Bad Actors Exploited a Salesforce Zero-Day Flaw in Phishing Campaign

Written by Staff
    Bad actors exploited a zero-day flaw in Salesforce’s email services with a phishing campaign that also relies on Facebook’s web games platform.

    The vulnerability and phishing campaign were discovered by Oleg Zaytsev and Nati Tal, researchers at Guardio Labs.

    These phishing campaigns evade conventional detection methods by chaining the Salesforce vulnerability with legacy quirks in Facebook’s web games platform. Guardio Labs has disclosed these findings and worked with Salesforce and Meta to close the vulnerabilities and stop the misuse.

    The phishing campaigns tried to trick users into going to a fake Facebook page in an effort to steal their Facebook login information, as well as their two-factor authentication information. Targets received an email that appeared to come from Meta but came from a salesforce.com domain.

    So it’s a no-brainer why we’ve seen this email slipping through traditional anti-spam and anti-phishing mechanisms. It includes legit links (to facebook.com) and is sent from a legit email address of @salesforce.com, one of the world’s leading CRM providers.
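A defender-side sketch of the gap described above: sender authentication passes because the gateway is genuine, yet a check that compares the brand claimed in the display name and subject against the sending domain still flags the message. This is an added example, not code from Guardio Labs or the original article; the sample messages, local parts, `mx.example.net`, the `Authentication-Results` values and the brand-to-domain map are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: locally maintained map of brand keywords to domains the brand sends from.
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebook.com", "facebookmail.com"},
    "facebook": {"meta.com", "facebook.com", "facebookmail.com"},
}

def org_domain(domain):
    # Simplification: last two labels; production code should use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def brand_mismatch(raw):
    """Flag mail that claims a brand in the From display name or Subject
    but is sent from a domain that brand does not own."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = org_domain(addr.rpartition("@")[2])
    claimed_text = f"{display} {msg.get('Subject', '')}".lower()
    hits = sorted(
        brand for brand, owned in BRAND_DOMAINS.items()
        if re.search(rf"\b{re.escape(brand)}\b", claimed_text) and domain not in owned
    )
    # Sender authentication only proves the gateway is genuine, not the brand claim.
    auth = msg.get("Authentication-Results", "").lower()
    return {"from_domain": domain, "claimed_brands": hits,
            "auth_pass": "dkim=pass" in auth, "suspicious": bool(hits)}

# Constructed sample messages (not taken from the campaign).
PHISH = (
    'From: "Meta Platforms" <noreply@salesforce.com>\n'
    "Subject: Your Facebook account is under review\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=salesforce.com\n"
    "\n"
    "Review the notice: https://www.facebook.com/placeholder\n"
)
LEGIT = (
    'From: "Facebook" <notification@facebookmail.com>\n'
    "Subject: New login to your Facebook account\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=facebookmail.com\n"
    "\n"
    "If this was you, no action is needed.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, brand_mismatch(raw))
```
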

    The researchers praise both Salesforce and Meta for quickly addressing the issue and providing a fix to all impacted services. At the same time, they express concern over the growing sophistication of such phishing attacks, combining a range of legitimate services to thwart countermeasures.

    The prevalence of phishing attacks and scams remains high, with bad actors continuously testing the limits of email distribution infrastructure and existing security measures. A concerning aspect of this ongoing battle is the exploitation of seemingly legitimate services, such as CRMs, marketing platforms, and cloud-based workspaces, to carry out malicious activities. This represents a significant security gap, where traditional methods often struggle to keep pace with the evolving and advanced techniques employed by threat actors.

    It is imperative for these service providers to exercise additional caution and implement stringent measures to thwart such abuse. Taking proactive steps to keep scammers away from secure and reputable mail gateways is of utmost importance. This includes bolstering verification processes to ensure the legitimacy of users, as well as conducting comprehensive ongoing activity analysis to promptly identify any misuse of the gateway, whether through excessive volume or through analysis of metadata such as mailing lists and content characteristics.

    Kudos to Salesforce and Meta’s Security teams for their prompt response to our discoveries and their ongoing efforts to enhance the security and resilience of their platforms against scammers’ attempts.
