Salesforce.com Warns Customers Of Phishing Scheme - InformationWeek


Salesforce.com Warns Customers Of Phishing Scheme

A Salesforce.com employee was tricked into disclosing a password, providing the phisher with information on a customer contact list.

A Salesforce.com employee bit on the bait of a phisher, and now the Web-based CRM software provider is warning customers not to fall for the same cybercriminal tricks.

On its Trust.Salesforce.com Web site this week, Salesforce.com posted a "letter about security" to customers alerting them to be cautious of "phishing and malware scams on the Internet," which are on "the rise."

In fact, the company revealed that a Salesforce.com employee had been a recent victim of a phishing scam that tricked the worker into disclosing a password, providing the phisher with information on a customer contact list. That contact list information included "first and last names, company names, e-mail addresses, and telephone numbers for Salesforce.com customers and related administrative data" belonging to Salesforce.com, according to the letter.

The letter, which was signed by Salesforce.com executive VP Parker Harris, also revealed that "a small number" of Salesforce.com customer users have subsequently become victims of phishing -- being fooled into disclosing passwords after receiving "bogus e-mails that looked like a Salesforce.com invoice but were not."

In addition, "a few days ago, a new wave of phishing attempts that included attached malware -- software that secretly installs viruses or key loggers -- appeared and seemed to be targeted at a broader group of customers," the company disclosed in the notice.

"That's why we warned our system administrators last week of this new, more malicious phish and why we are sending this letter now with the goal of increasing awareness."

The company says its support and security teams are working with affected customers to enhance their security, as well as with law enforcement officials "and industry experts" to trace the incident and prevent further breaches.

The company isn't commenting beyond the information contained in the letter, says a representative at the company's PR agency. That includes disclosing whether any customers of Salesforce.com's affected clients were affected by the phishing incidents.

While Salesforce.com said in the letter that the "intrusion did not stem from a security flaw in our application or database," the incident spotlights one of the biggest worries some companies have in entrusting their data to software-as-a-service hosted vendors.

Still, when questioned about that concern, the Salesforce.com PR representative pointed out that "data breaches in the client-server world" -- including a highly publicized incident involving a stolen Veterans Administration laptop last year -- underscore that all environments need to be vigilant in data security.

In its letter, Salesforce.com recommends customers implement a number of changes "to enhance security," including educating employees not to open suspect e-mails; modifying their Salesforce implementation "to activate IP range restrictions," allowing users to access Salesforce only from corporate networks or VPNs; and deploying spam filtering and malware protection software.
