Dropbox Sign Breach Exposes Customer Data
Cloud storage giant Dropbox has recently disclosed a data breach affecting its eSignature service, Dropbox Sign (formerly HelloSign). The incident highlights the ongoing risks businesses…
Hackers Exploit Salesforce to Target Facebook Users
Hackers have found a new way to steal Facebook account details by exploiting a weakness in Salesforce’s email service. This flaw, nicknamed “PhishForce,” allows threat actors to send phishing emails through Salesforce, a trusted source, making it easier for these dangerous emails to evade detection and land in your inbox.
What’s happening?
The hackers are using a feature in Salesforce called “Email-To-Case” to bypass security measures and send out phishing emails. These emails appear to come from Meta (the company that owns Facebook) and are designed to trick you into revealing your Facebook login details.
How does it work?
When you click on a link in one of these phishing emails, you’re taken to a fake page that looks like it’s part of Facebook’s gaming platform. This makes the scam seem more legitimate and harder to spot. Interestingly, Facebook retired this gaming platform in July 2020, but it seems that hackers have found a way to access old accounts that still have access to it, possibly by buying them on the dark web.
What’s being done about it?
Salesforce has taken steps to fix the problem on its end, and its solution was implemented on July 28, 2023. However, the issue with Facebook’s gaming platform still exists, and Meta’s engineers are working hard to figure out why their existing security measures aren’t stopping the attacks. In the meantime, Meta has taken down the phishing pages that they’ve found.
How can you protect yourself?
Here are some steps you can take to stay safe:
- Be cautious with your emails. Look for inconsistencies, and double-check the sender’s address and name.
- Use multi-factor authentication (MFA) for your accounts. This adds an extra layer of protection.
- Keep all your systems up-to-date with the latest patches. This can help prevent exploits if you accidentally click on a phishing link or download a malicious file.
- Report any suspicious emails as spam. This helps your email filters learn and adapt.
- Don’t download attachments unless you’re sure they’re safe.
- If you’re a business owner, consider running phishing awareness campaigns for your employees.
Related Links:
Related articles
Social Media Fraud: The Evolving Threat and How to Defend Yourself
Social media platforms offer connection and entertainment, but they’ve also become a hunting ground for sophisticated scammers. These criminals are increasingly turning to a combination…
DarkGate Malware: Threat Exploiting AutoHotkey
The DarkGate malware family, a persistent threat since 2018, has recently resurfaced in a sophisticated global campaign. This Remote Access Trojan (RAT), built using the…