/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- Customer reporting a suspicious email with a Subject Title included SAP Successfactors.
- Customer that report the incident explains that they received the suspicious email from "mail.sap.com" domain
- Example email subject "Your updated tax form is ready in SAP SuccessFactors"
Disclaimer: Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP Successfactors HCM Suite
Resolution
- The emails in question were sent from an external account managed by a third-party provider, which was misused by an unauthorized party. While the messages were made to appear as if they were from SAP, they did not originate from SAP systems.
- We’d like to reassure you that SAP systems, infrastructure, and user credentials were not affected, and there was no unauthorized access to any internal environments.
See Also
refer to: Phishing (general guidance)
Keywords
mail.sap.com, phishing, successfactors, email signed, dkim, trusted signature, malicious url, link redirect, Russia, spoofed email, email notifications, eml sample, phishing campaign, email security, sap domain, INC24410517, CS20260012106063 , KBA , LOD-SF-PLT-SING , Single Sender and Recipient , Problem
Product
SAP SuccessFactors Platform all versions
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)