Cybercriminals have found a way to exploit Salesforce’s legitimate email service to launch a large-scale phishing campaign targeting Facebook users and businesses. Security researchers at Check Point have identified this sophisticated attack, which leverages Salesforce’s automated mailing system to send deceptive emails masquerading as official Facebook notifications. The attack highlights the growing risk of phishing in an era where cybercriminals continue to refine their tactics to bypass security measures.
Unlike traditional phishing scams that require attackers to breach security defenses, this scheme cleverly avoids triggering alarms within Salesforce’s infrastructure. The emails are sent from noreply@salesforce.com, a legitimate Salesforce email address, making them appear authentic and significantly increasing their chances of bypassing spam filters and security screenings.
The phishing emails use a classic social engineering technique, warning recipients that their Facebook account is under review and may be suspended unless they verify their details. A link embedded in the email directs users to a fraudulent Facebook support page, where attackers harvest sensitive login credentials. Despite the seemingly authentic email sender, the phishing website itself contains noticeable flaws. The most obvious is the misspelling of “Facebook” as “Faceloook” on the fake support page. Cybercriminals attempted to manipulate the letters to resemble the original brand name, but such errors serve as warning signs for cautious users.
According to Check Point’s findings, this phishing campaign is widespread, with over 12,200 phishing emails already distributed. The attack has primarily targeted users in Europe (45.5%), the United States (45%), and Australia (9.5%). Additionally, phishing emails have been identified in Chinese and Arabic, indicating that the attack is not limited to English-speaking users and has been deployed on a global scale, impacting businesses and individuals alike.
Phishing remains one of the most effective cyberattack strategies in 2025 due to its low cost, scalability, and high success rate. Cybercriminals are increasingly leveraging generative AI and automation tools to create highly convincing phishing emails, mimicking trusted brands and official communication channels. This level of sophistication makes it more difficult for individuals and businesses to identify fraudulent messages before falling victim to them. The growing interconnection of cloud services, automated systems, and enterprise applications means that one compromised account can potentially lead to larger security breaches.
To minimize the risk of falling for phishing scams, businesses and individuals should verify sender details, as official Facebook communications will not come from third-party domains like Salesforce. Misspelled words, altered logos, and unusual formatting are clear indicators of phishing. Instead of clicking links in emails, users should manually enter the website URL in a secure browser. Enabling two-factor authentication (2FA) adds an extra layer of security that can prevent unauthorized access even if login credentials are compromised. Suspicious emails should be reported to IT security teams, email providers, or Facebook’s security department.
As cybercriminals continue to enhance their techniques, businesses and individuals must remain vigilant and prioritize security awareness. By staying informed and adopting proactive cybersecurity strategies, organizations can protect themselves from phishing threats and other cyber risks.
