Salesforce infrastructure abuse: Stopping email scams and spam sent via SFDC
Blog post from Sublime Security
Sublime's Attack Spotlight series highlights email threats that exploit trusted platforms such as Salesforce to conduct spam, phishing, and crypto wallet attacks. Adversaries send through Salesforce infrastructure to borrow its legitimacy and evade detection, typically by compromising existing accounts or creating fraudulent ones. Observed attacks include spam soliciting "opt out" replies, job scams impersonating recruiters to phish for credentials, and crypto phishing that offers token airdrops. Although sent through legitimate infrastructure, these messages are detected by Sublime's AI-powered engine using signals such as suspicious sender behavior, brand impersonation, urgency, and redirects to Cloudflare Pages. Because Salesforce abuse is common, Sublime argues that effective email security relies on adaptive AI and machine learning to identify and mitigate such threats, and the post closes by offering demonstrations of its preventative capabilities.
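As an added illustration (not Sublime's engine or rules), the following Python classifier scores constructed messages against the signals named above: relay through Salesforce infrastructure, brand impersonation in the display name, urgency, "opt out" solicitation, and links to Cloudflare Pages. The relay-domain suffixes, brand list and keyword lists are assumptions for the example; `pages.dev` is the default hostname suffix for Cloudflare Pages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicator lists are assumptions for illustration, not a vendor's rules.
SALESFORCE_RELAY_SUFFIXES = ("salesforce.com", "exacttarget.com")  # assumed
CLOUDFLARE_PAGES_SUFFIXES = ("pages.dev",)
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "expires")
OPT_OUT_PHRASES = ("opt out", "opt-out", "reply stop")
BRANDS = ("metamask", "coinbase", "linkedin")  # assumed impersonated brands
URL_RE = re.compile(r"https?://\S+")

def domain_matches(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(raw):
    """Return the signals that fire on one RFC 822 message plus a verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""  # plain text only
    text = ((msg.get("Subject") or "") + "\n" + body).lower()
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, bounce_addr = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    bounce_domain = bounce_addr.rpartition("@")[2].lower()
    signals = []
    # Bounce path goes through Salesforce while the visible From domain does not
    if (domain_matches(bounce_domain, SALESFORCE_RELAY_SUFFIXES)
            and not domain_matches(from_domain, SALESFORCE_RELAY_SUFFIXES)):
        signals.append("relayed_via_salesforce")
    if any(b in from_name.lower() and b not in from_domain for b in BRANDS):
        signals.append("brand_impersonation")
    if any(w in text for w in URGENCY_WORDS):
        signals.append("urgency")
    if any(p in text for p in OPT_OUT_PHRASES):
        signals.append("opt_out_solicitation")
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)]
    if any(domain_matches(h, CLOUDFLARE_PAGES_SUFFIXES) for h in hosts):
        signals.append("cloudflare_pages_link")
    # A Salesforce relay alone is normal; combinations of signals are not
    return {"signals": signals, "suspicious": len(signals) >= 3}

# Constructed sample messages, not real traffic.
AIRDROP_SCAM = """From: "MetaMask Rewards" <news@example-promo.com>
Return-Path: <bounce@bnc.salesforce.com>
Subject: Claim your token airdrop before it expires

Your wallet is eligible. Connect within 24 hours to claim:
https://claim-tokens.pages.dev/connect
Reply OPT OUT to stop receiving these messages.
"""
LEGIT_NOTICE = """From: "Example Bank" <statements@example.com>
Return-Path: <bounce@bnc.salesforce.com>
Subject: Your monthly statement is ready

View it at https://portal.example.com/statements
"""
```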