Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Hackers Exploit Salesforce to Target Facebook Users
Hackers have found a new way to steal Facebook account details by exploiting a weakness in Salesforce’s email service. This flaw, nicknamed “PhishForce,” allows threat actors to send phishing emails through Salesforce, a trusted source, making it easier for these dangerous emails to evade detection and land in your inbox.
What’s happening?
The hackers are using a feature in Salesforce called “Email-To-Case” to bypass security measures and send out phishing emails. These emails appear to come from Meta (the company that owns Facebook) and are designed to trick you into revealing your Facebook login details.
How does it work?
When you click on a link in one of these phishing emails, you’re taken to a fake page that looks like it’s part of Facebook’s gaming platform. This makes the scam seem more legitimate and harder to spot. Interestingly, Facebook retired this gaming platform in July 2020, but it seems that hackers have found a way to access old accounts that still have access to it, possibly by buying them on the dark web.
What’s being done about it?
Salesforce has taken steps to fix the problem on its end, and its solution was implemented on July 28, 2023. However, the issue with Facebook’s gaming platform still exists, and Meta’s engineers are working hard to figure out why their existing security measures aren’t stopping the attacks. In the meantime, Meta has taken down the phishing pages that they’ve found.
How can you protect yourself?
Here are some steps you can take to stay safe:
- Be cautious with your emails. Look for inconsistencies, and double-check the sender’s address and name.
- Use multi-factor authentication (MFA) for your accounts. This adds an extra layer of protection.
- Keep all your systems up-to-date with the latest patches. This can help prevent exploits if you accidentally click on a phishing link or download a malicious file.
- Report any suspicious emails as spam. This helps your email filters learn and adapt.
- Don’t download attachments unless you’re sure they’re safe.
- If you’re a business owner, consider running phishing awareness campaigns for your employees.
Related Links:
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…