Threat analysts have uncovered a sophisticated phishing attack imitating emails from Salesforce that are likely bypassing many business email filters.
Phishing attacks making use of fake Salesforce domains have increased by 109% since the start of 2024, according to new research.
The new tactic involves the impersonation of a legitimate Salesforce domain in order to send victims to a spoofed version of a Meta partner portal, which is able to steal user credentials.
The malicious payload used by the threat actors had not been identified on any of VirusTotal’s antivirus scanners and URL/blocklisting services, according to researchers at security software company Egress.
Threat actors were able to impersonate an authentic Salesforce domain by compromising a business using Salesforce products and then launching the attack through the legitimate Salesforce servers, analysis from Egress’ threat intelligence team suggests.
The attack takes advantage of the popularity of Salesforce’s solutions, used by over 150,000 organizations around the world. Salesforce domains are likely to be included on a ‘trusted sender’ list at many organizations, so a message from them would be guaranteed to reach the recipient’s inbox regardless of its content.
Unlike other popular approaches used in phishing campaigns, such as using a legitimate site to host a malicious payload or using a legitimate link to disguise the final destination, this attack uses a legitimate service to redirect users to the malicious site.
Employees quickly inspecting the hyperlink may be deceived upon reading ‘notification.google’ at the start of the URL. These links cannot be mass blocked by blocklists due to their legitimate use elsewhere.
Signature-based anti-phishing technologies are also unable to identify the emails as malicious, as Egress found the email passed all three of the SPF, DKIM, and DMARC authentication methods.
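The gap described above, where a trusted-sender entry plus passing SPF, DKIM and DMARC lets a message through unread, can be shown next to a stricter rule that still inspects links. This is an added example, not code from Egress or the original article; the allowlist, the sample message and the host redirector.example are constructed, and subdomain matching is simplified.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist, mirroring the 'trusted sender' list described above.
TRUSTED_SENDERS = {"salesforce.com"}

# Constructed sample: authentication passes, but the link leaves the sender's domain.
SAMPLE = """\
From: Notifications <noreply@salesforce.com>
To: user@corp.example
Subject: Action required on your partner account
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=salesforce.com;
 dkim=pass header.d=salesforce.com; dmarc=pass header.from=salesforce.com
Content-Type: text/html

<p>Review your account: <a href="https://redirector.example/r?id=123">Open portal</a></p>
"""

def parse(raw):
    return message_from_string(raw, policy=policy.default)

def auth_passed(msg):
    """True only if SPF, DKIM and DMARC all report 'pass'."""
    results = str(msg.get("Authentication-Results", "")).lower()
    return all(re.search(rf"\b{m}=pass\b", results) for m in ("spf", "dkim", "dmarc"))

def sender_domain(msg):
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()

def external_link_hosts(msg):
    """Hosts of links that are not on the sender's domain or a subdomain of it."""
    dom = sender_domain(msg)
    hosts = {urlsplit(u).hostname or "" for u in re.findall(r'href="([^"]+)"', msg.get_content())}
    return sorted(h for h in hosts if h and h != dom and not h.endswith("." + dom))

def weak_verdict(msg):
    # Allowlist short-circuit: the content is never looked at.
    if sender_domain(msg) in TRUSTED_SENDERS and auth_passed(msg):
        return "deliver"
    return "scan"

def hardened_verdict(msg):
    # Sender trust and authentication say who sent it, not where its links lead.
    if external_link_hosts(msg):
        return "scan"
    return weak_verdict(msg)
```

On the sample, the allowlist rule delivers the message while the stricter rule routes it to link analysis, where the redirect destination can be resolved before the user sees it.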
Egress’ 2024 report on email security found 94% of organizations fell victim to phishing attacks, with 79% of account takeover attacks starting with a phishing email.
The widespread adoption of AI among threat actors is also a key factor in improving the efficacy and efficiency of phishing attacks, making them more realistic and faster to produce.
Read the full article on itpro.com
Photo: freepik.com