A new Facebook phishing campaign looks to trick you with emails sent from Salesforce

Så avblockerar du Facebook med en VPN

Check Point warns Salesforce tools are being used in phishing attacks
The attacks are using Facebook image as a lure
The goal of the campaign is to steal Facebook login credentials

Cybercriminals have been observed abusing a legitimate Salesforce service to attack people and businesses with Facebook-related phishing emails.

Researchers at Check Point warned about the ongoing campaign on its blog, describing how the criminals were using the automated mailing service that belongs to Salesforce as a marketing tool.

“In other words, they don’t breach any terms of service or the Salesforce security systems,” the researchers explained. “Rather, they use the service normally and choose not to change the sender ID. That way, the email is branded with the email address noreply [at] salesforce [dot] com.

Fakebook

The body of the phishing email is nothing extraordinary. It is the usual “your Facebook account is under review” threat, in which victims are warned about their account being suspended, unless they “verify” their details. The email shares a link to a fake Facebook support page, where sensitive information, such as passwords, get stolen.

The landing page comes with a poor attempt at a Facebook logo (it says ‘Faceloook’, where crooks apparently wanted to make letters ‘lo’ look like the letter ‘b’).

Check Point says more than 12,200 of these emails were sent so far, with “hundreds” targeting different businesses. The majority of the targets are in the EU (45.5%) and the US (45%), with the remaining 9.5% targeting Australia.

“Nonetheless, versions of the notifications have also been found in Chinese and Arabic, showing that the campaign targeted companies across geographic locales,” Check Point stressed.

Phishing continues to be one of the most popular attack vectors in 2025. It is cheap, scalable, and omnipresent, making it a great tool for cybercriminals. And with generative AI coming into the mix, phishing has turned into the ideal way to trick victims into sharing login credentials, or installing malware.

Facebook Marketplace accounts leaked online — thousands of users possibly affected, so secure your account now
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.