Beware of Fake Salesforce Emails Deceiving Businesses and Users

Cybercriminals have found a way to exploit a legitimate Salesforce service to distribute phishing emails targeting Facebook users and businesses. Security researchers at Check Point have warned about this campaign, which uses Salesforce’s automated mailing system to send deceptive emails under the guise of official Facebook notifications.

How The Attack Works

The attackers cleverly avoid breaching Salesforce’s security systems or violating its terms of service, allowing emails to appear as if they were sent from the legitimate noreply@salesforce.com address. This makes it easier to bypass email security filters and gain victims’ trust.

The phishing email follows a familiar pattern, falsely warning recipients that their Facebook account is under review and may be suspended unless they verify their details. The email contains a link directing users to a fake Facebook support page, where attackers steal sensitive login credentials.

Despite the deceptive email address, the phishing website itself exposes some flaws. The fake Facebook support page includes a poorly copied logo in which the word “Facebook” is misspelled as “Faceloook,” a crude attempt to make the letters “lo” resemble the letter “b.”

Check Point’s analysis shows that the attack is widespread, with over 12,200 phishing emails already sent. The majority of victims are located in:

  • Europe (45.5%)
  • United States (45%)
  • Australia (9.5%)

Researchers have discovered the emails in Chinese and Arabic, confirming that the attack has targeted businesses and individuals across multiple regions.

The Rise of Phishing

Phishing remains one of the most widely used cyberattack methods in 2025. Its low cost, scalability, and high success rate make it a preferred choice for cybercriminals. With the rise of generative AI, phishing attacks have become even more convincing, allowing attackers to craft realistic emails, impersonate trusted brands, and automate large-scale campaigns.

How to Stay Safe

To protect yourself and your business from phishing scams:

  • Verify sender emails carefully—Legitimate emails from Facebook will not come from external domains like Salesforce.
  • Check for branding inconsistencies—Misspellings like “Faceloook” are clear indicators of fraud.
  • Avoid clicking suspicious links—Instead, go directly to the website in question through a trusted browser.
  • Enable two-factor authentication (2FA) to add an extra layer of security. Even if someone compromises your credentials, 2FA can block unauthorized access.
  • Report phishing emails—If you receive a suspicious email, report it to your IT security team or email provider.
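
The first two checks in the list above (sender domain versus claimed brand, and misspelled branding) can be automated at a mail gateway. The following Python is an added example, not code from Check Point or the original article; the brand allowlist, the sample message and all function names are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist for this example: domains the brand really sends from or links to.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}

# Constructed sample modelled on the campaign described above (not a real message);
# the logo misspelling is placed in the body so the lookalike check has input.
SAMPLE = """\
From: Facebook Support <noreply@salesforce.com>
Subject: Your Facebook account is under review
Content-Type: text/plain; charset=utf-8

Your account may be suspended unless you verify your details.
Faceloook Support: https://support.example.net/verify
"""

def registrable(host):
    # Crude "last two labels" domain; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, used to catch near-miss brand spellings.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    sender = registrable(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    body = msg.get_body(preferencelist=("plain",)).get_content()
    words = set(re.findall(r"[a-z]+", f"{msg['Subject']} {body}".lower()))
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s<>\"']+", body)}
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        lookalikes = sorted(w for w in words if 0 < edit_distance(w, brand) <= 2)
        if brand not in words and not lookalikes:
            continue  # message does not reference this brand
        if sender not in allowed:
            findings.append(f"sender-mismatch:{brand}:{sender}")
        findings += [f"lookalike:{w}" for w in lookalikes]
        findings += [f"offbrand-link:{h}" for h in sorted(hosts) if h and registrable(h) not in allowed]
    return findings
```

Calling `check_message(SAMPLE)` flags the Salesforce sender, the “faceloook” spelling and the off-brand link, even though the message would pass sender authentication for salesforce.com.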

As phishing attacks become more advanced, staying vigilant and informed is key to avoiding falling victim to these scams.

Published by
Afaq Wajdan Malik