According to web browsing security firm Guardio, threat actors have used a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign.
Attackers sent emails that appeared legitimate in an effort to trick users into visiting a phishing website and handing over their Facebook account information, including their name, account name, email address, phone number, and password. The emails appeared to be from ‘Meta Platforms’, were sent from a @salesforce.com address, and included the real name of the targeted user.
On June 28, Guardio notified Salesforce, and within a month, a fix had been implemented across all impacted services and instances. According to Salesforce, there has been no impact on customer data.
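
The mismatch described above, a ‘Meta Platforms’ display name on a @salesforce.com sender address, is something a mail filter can check for. The following Python sketch is an added example, not code from Guardio or Salesforce; the brand-to-domain table, the function names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative map of brand keywords to domains that brand mails from.
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebookmail.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
}

def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(raw_message):
    """Return (brand, sender_domain) when the From display name claims a
    brand but the address domain is not one of that brand's; else None."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Match whole words so that e.g. "metadata" does not count as "meta".
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in words and not domain_allowed(domain, allowed):
            return (brand, domain)
    return None

# Constructed sample messages (not taken from the campaign).
SAMPLES = {
    "lure": 'From: "Meta Platforms" <noreply@salesforce.com>\n'
            "Subject: Account notice\n\nbody\n",
    "brand": 'From: "Facebook" <security@facebookmail.com>\n'
             "Subject: Login alert\n\nbody\n",
    "vendor": 'From: "Salesforce Support" <support@salesforce.com>\n'
              "Subject: Case update\n\nbody\n",
    "subdomain": 'From: "Meta" <info@mail.meta.com>\n'
                 "Subject: News\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

Only the constructed lure is flagged; mail whose display name and sender domain agree, including ordinary mail from the vendor's own domain, passes.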