At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Salesforce Becomes the Latest Platform to Unwittingly Aid Phishing Scammers

    Cybercriminals used the legitimacy of Salesforce’s email gateway to bypass security scanners and target Meta customers in an effort to steal Facebook credentials.

    One of the initial challenges any phishing attack has is to make it past security measures designed to scan and identify malicious emails. One such way is to misuse a legitimate well-known platform’s outbound sending of emails. We saw this recently with legitimate Paypal invoices being sent to unwitting victims, using Paypal’s own outbound email system as the delivery mechanism. And because the email is actually from Paypal, of course it’s going to make its way to the Inbox.

    A new attack on Meta customers has been uncovered whereby cybercriminals misuse Salesforce’s “Email-To-Case” feature, which converts emails inbound to Salesforce into helpdesk tickets, resulting in a legitimate outbound email being sent. Coming from an @salesforce.com domain means that security scanners are going to let the email through every time.

    In this particular scam, Facebook was impersonated, with the recipient being told they had violated guidelines and needed to “request a review” which took them to a spoofed Facebook login page to capture the credentials.

    These kinds of attacks go to show you that you can’t trust any email – regardless of who sends it, what domain it’s from, whether it looks legitimate, etc. Users that undergo security awareness training have a much better understanding of this and are less likely to engage with such content, regardless of how legitimate it may look.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top