A new phishing campaign on Facebook tries to deceive you with emails sent from Salesforce.

Cybercriminals are exploiting a legitimate Salesforce tool to conduct phishing attacks targeting Facebook users. According to a report from security researchers, these criminals are using an automated email service from Salesforce, sending emails that appear legitimate because the sender's address corresponds to Salesforce.

The emails present common threats, such as notifying the recipient that their Facebook account is under review. To avoid suspension of access, victims are asked to verify their information. The links in these emails lead to fake Facebook support pages, where sensitive credentials like passwords are stolen.

The landing page design is poorly executed, as it attempts to mimic the Facebook logo but contains obvious errors, such as the word 'Faceloook'. So far, over 12,200 emails have been documented, with a particular focus on users in the European Union (45.5%) and the United States (45%), while 9.5% of the targets are from Australia. Additionally, versions of these emails have been found in Chinese and Arabic, indicating that the campaign has a global reach.

Phishing remains one of the most widely used tactics by cybercriminals in 2025. Its low cost, scalability, and omnipresence make it an attractive resource for carrying out attacks, especially with the aid of generative artificial intelligence tools that facilitate the creation of deceptive content to steal information.