Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.
According to a recent blog post from email security service provider Perception Point, the bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign that has targeted multiple Israeli organizations.
In the blog post, Perception Point cybersecurity analysts Miri Slavoutsky and Shai Golderman wrote that this is the first time they had seen attackers abuse Salesforce services for malicious purposes.
“Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you,” Slavoutsky and Golderman wrote. “Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records.”