Phishing Scam 2025.05.22 - Salesforce Scam

On May 22, 2025 at approximately 3:30pm EDT, the following email was sent to members of the Dartmouth community.

Subject: Your account activity needs review
Sender: Clara N. <noreply@salesforce.com>

Dear (Redacted),

We’re reaching out about a recent post associated with your business profile. After a routine review, it seems the content may not fully meet our community standards.

To maintain optimal visibility and performance on the platform, we recommend reviewing the post and making any necessary updates. If no action is taken, the account may experience reduced reach or temporary limitations.

For guidance, please follow the button below to visit our Help Centre. There, you’ll find steps to connect with our support team via live chat. Kindly have any relevant details ready to help us assist you efficiently.

Follow to next step

Powered by Instagram
Don’t want to receive these emails? Unsubscribe

This email contains the following indications of a phishing attack:

  • Emails claiming "your account activity needs review" from Salesforce are a known phishing scam.
    • These emails try to trick you into revealing sensitive information like your login credentials or other personal data. 
    • Salesforce has stated that they never ask users to submit login credentials via email. 
  • The email address (noreply@salesforce.com) does not match the display name ('Clara N.'), a common pattern in impersonation attempts.
  • The email creates a sense of urgency that action must be taken immediately (in this case, to prevent experiencing reduced reach or temporary limitations), a common tactic for phishing scams.
  • The email closes out by indicating that it is powered by Instagram. Though Instagram and Salesforce can be integrated, it is highly unlikely that Instagram would handle such communications for Salesforce.

If you receive an email similar to this one, it is recommended that you take the following actions:

  • Do not reply to the message
  • Do not click on any links
  • Mark the message as spam or junk
  • Forward the message to phishing@dartmouth.edu
  • Since this scam is related to Salesforce, you can forward the email to security@salesforce.com to report it directly to the company
  • Block the sender
  • If you have a Salesforce account, log in to Salesforce directly (DO NOT use the link in the email) and take actions to protect your account:
    • Ensure you are using strong, unique passwords for your Salesforce account and other accounts
    • Enable two-factor authentication, if possible, to add an extra layer of security to your Salesforce account
Print Article