Elastica discovered an injection vulnerability in Salesforce which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users’ login credentials and hijack accounts. On August 10, Salesforce patched the vulnerability.
Because the vulnerability existed in an actual Salesforce subdomain, end users receiving phishing emails with the URL would likely have had no way of identifying it as malicious and there is a high probability such a URL would not have been detected by spam filters or other anti-phishing solutions.
