A newly discovered phishing campaign targeting Facebook users has been identified by researchers at Check Point Software Technologies.
The attack, which began in late December 2024, has already reached over 12,279 email addresses and impacted hundreds of companies globally.
The campaign exploits Facebook's massive user base, the largest of any social network worldwide, and leverages the platform's branding to trick victims into surrendering their credentials.
The phishing emails, sent primarily to enterprises in the European Union (45.5%), the United States (45.0%), and Australia (9.5%), falsely claim that the recipient’s recent activity may have violated copyright laws.
Versions of the phishing emails have also been observed in Chinese and Arabic, indicating a broad geographic target range.
Exploiting Salesforce’s Mailing Service for Credibility
The attackers utilize Salesforce’s automated mailing service to distribute the phishing emails, taking advantage of its legitimate infrastructure without breaching its security systems.
![Facebook Phishing Attack](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLjkCvSqQp5y5nWPVOh5WzP5Y2QHx7sKrPW4q2-3hmY6hLR9RVJR5qryTnp5bZJLvLKtoMksJGvCzJcJHc6tdPGVqOuDX6F_i7_H54mfo_j4elmbi5fRFXBYa-q7sxchnRtTK4N0o3FLQyPAy9UJc_-E6PnpIICnXGwXkl1Sr2xmzfBGA0BCoPUoyhgxw/s16000/Chinese-language%20sample%20email.webp)
Because the sender address remains noreply@salesforce.com, a legitimate bulk-mail origin, the emails appear credible and pass through many email filters that trust that sender.
The messages include counterfeit Facebook logos and alarming language about copyright infringement, urging recipients to take immediate action.
Victims who click on the embedded links are redirected to a fraudulent Facebook support page designed to harvest their credentials.
The landing page mimics official Facebook interfaces and pressures users to provide login details under the guise of account review processes.
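The combination described above (a trusted bulk-mailer sender, Facebook copyright-violation wording, and links that lead away from Facebook's own domains) is what a mail-gateway or SOC triage rule can key on. The following is an added illustration, not code from Check Point or the campaign write-up; the allow-listed domains, the lure terms and the sample message (with a placeholder host) are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: domains where a genuine Facebook account notice would link to.
BRAND_DOMAINS = {"facebook.com", "fb.com", "meta.com"}
# Legitimate bulk-mailer addresses third parties can send through.
BULK_SENDERS = {"noreply@salesforce.com"}
# Wording the campaign relies on (assumed list; extend from your own samples).
LURE_TERMS = ("facebook", "copyright", "infringement", "account review")

def registrable(host):
    """Crude eTLD+1: keep the last two labels (no public-suffix list needed here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def link_hosts(text):
    """Hostnames of every http(s) URL in the text."""
    urls = re.findall(r'https?://[^\s"\'<>)]+', text)
    return {urlparse(u).hostname for u in urls if urlparse(u).hostname}

def assess(raw_email):
    """Return (suspicious, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=default)
    _, sender = parseaddr(msg.get("From", ""))
    part = msg.get_body(preferencelist=("html", "plain"))
    text = (msg.get("Subject", "") + "\n" + (part.get_content() if part else "")).lower()
    reasons = []
    if sender.lower() in BULK_SENDERS:
        reasons.append(f"sent via bulk mailer {sender}")
    hits = [t for t in LURE_TERMS if t in text]
    if hits:
        reasons.append("brand/copyright lure terms: " + ", ".join(hits))
    off_brand = {h for h in link_hosts(text) if registrable(h) not in BRAND_DOMAINS}
    if off_brand:
        reasons.append("links leave the brand's domains: " + ", ".join(sorted(off_brand)))
    # All three signals together match the pattern; any one alone is routine mail.
    return (len(reasons) == 3, reasons)

# Constructed sample modelled on the campaign's structure (placeholder host).
SAMPLE = """From: Facebook Support <noreply@salesforce.com>
To: admin@example.com
Subject: Action required: copyright infringement on your account
Content-Type: text/plain

Facebook has detected that your recent activity may have violated copyright
laws. Review your account now: https://support-review.example-phish.test/login
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```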
Consequences for Businesses and Industries
This phishing campaign poses significant risks to businesses that rely on Facebook for advertising, customer engagement, or brand visibility.
A compromised Facebook admin account can allow attackers to manipulate content, delete posts, or lock out legitimate administrators.
Such breaches can result in reputational damage, loss of client trust, and potential legal liabilities.
According to the Check Point research report, the stakes are even higher for organizations in regulated sectors such as healthcare or finance.
Unauthorized access to sensitive data could lead to non-compliance with industry regulations, exposing businesses to fines and legal challenges.
To mitigate risks from such phishing campaigns, organizations should adopt proactive security measures.
Setting up alerts for suspicious login attempts and unusual account activity is critical.
Employee education is equally important; admins should be trained to verify account statuses directly through official channels rather than clicking on email links.
Businesses should also inform customers about legitimate communication practices to prevent further exploitation in case of account hijacking.
Additionally, maintaining an incident response plan can help recover compromised accounts swiftly while ensuring transparent communication with affected stakeholders.
This sophisticated phishing campaign underscores the importance of robust cybersecurity practices as cybercriminals continue to exploit trusted platforms like Facebook and Salesforce for malicious purposes.