Salesforce Warns Customers Of Phishing Scheme - InformationWeek

A Salesforce employee was tricked into disclosing a password, providing the phisher with information on a customer contact list.

A Salesforce employee bit on the bait of a phisher, and now the Web-based CRM software provider is warning customers not to fall for the same cybercriminal tricks.

On its Web site this week, Salesforce posted a "letter about security" to customers alerting them to be cautious of "phishing and malware scams on the Internet," which are on "the rise."

In fact, the company revealed that a Salesforce employee had been a recent victim of a phishing scam that tricked the worker into disclosing a password, providing the phisher with information on a customer contact list. That contact list information included "first and last names, company names, e-mail addresses, and telephone numbers for customers and related administrative data" belonging to Salesforce, according to the letter.

The letter, which was signed by executive VP Parker Harris, also revealed that "a small number" of customer users subsequently have become victims of phishing -- being fooled into disclosing passwords after receiving "bogus e-mails that looked like a invoice but were not."

In addition, "a few days ago, a new wave of phishing attempts that included attached malware -- software that secretly installs viruses or key loggers -- appeared and seemed to be targeted at a broader group of customers," the company disclosed in the notice.

"That's why we warned our system administrators last week of this new, more malicious phish and why we are sending this letter now with the goal of increasing awareness."

The company says its support and security teams are working with affected customers to enhance their security, as well as with law enforcement officials "and industry experts" to trace the incident and prevent further breaches.

The company isn't commenting beyond the information contained in the letter, says a representative at the company's PR agency. That includes disclosing whether any customers of Salesforce's affected clients were affected by the phishing incidents.

While Salesforce said in the letter that the "intrusion did not stem from a security flaw in our application or database," the incident spotlights one of the biggest worries some companies have in entrusting their data to software-as-a-service hosted vendors.

Still, when questioned about that concern, the PR representative pointed out that "data breaches in the client-server world" -- including a highly publicized incident involving a stolen Veterans Administration laptop last year -- underscore that all environments need to be vigilant in data security.

In its letter, Salesforce recommends customers implement a number of changes "to enhance security," including educating employees not to open suspect e-mails; modifying their Salesforce implementation "to activate IP range restrictions," allowing users to access Salesforce only from corporate networks or VPNs; and deploying spam filtering and malware protection software.
