A new, unpatched exploit that involves a sophisticated email phishing campaign has been discovered by security researchers at Guardio Labs.
The targets are Salesforce Inc. customers, and the threat involves spoofing the company’s email servers and domain names. The process of finding and fixing the issue reveals a lot about how security teams can work together to fight phishing.
Called PhishForce, the attack is quite clever, designed to avoid detection by both Salesforce and Meta Platforms Inc.’s Facebook. It uses an old technique: sending malicious emails and hiding them inside ordinarily trusted mail gateways so that the emails won’t be challenged by protective shields. The researchers found a single questionable email message, as shown in the screen capture below, that triggered their investigation.