Salesforce’s cloud platform is used by over 150,000 organizations around the globe. Hackers have found a way to compromise their service to send fake invoices to clients. Researchers have found a phishing campaign that utilizes Salesforce’s invoice-sending capabilities against Fortune 500 companies. The attackers compromised the Fortune 500 company’s account on Salesforce to send malicious invoices to customers. The fake invoices mimicked the patterns of legitimate invoices and included several Office 365 layers to avoid detection. The attacks works by first hacking the Salesforce account, then malicious code is injected into the partner’s website to generate two public-facing websites. Next the stored email list is used to draft emails with the malicious URL’s, Then when the email is received by the victim and the user clicks on the link, the malware is downloaded to the victim’s system. The main purpose of the attacks is to install trojan malware on all victim endpoints. The research shows that the same style of scam can be used on other fake invoices and credential harvesting.
Organizations should enable multi-factor authentication to prevent these emails. Add an advanced security layer to detect malicious emails. Train employees on the zero-trust concept to always verify email and invoice authenticity before opening them.