Salesforce.com falls for phishing scam, warns customers
Salesforce.com is warning customers that they may be the targets of malicious software or phishing scams, after one of its employees was tricked into divulging a corporate password.
In a note to customers, Salesforce said that online criminals have been sending customers fake invoices and, starting just a few days ago, viruses and key logging software. The e-mails were sent using information that was illegally obtained from Salesforce.com.
Salesforce.com bills its Web-based CRM (customer relationship management) products as easier to use and maintain than traditional CRM software, but this latest development underlines the security risks that come with this more open model.
The problems began a few months ago, when a Salesforce.com employee fell for a phishing scam and divulged a company password that gave attackers access to a customer contact list. With this password, the criminals were able to obtain first and last names, company names, e-mail addresses and telephone numbers of Salesforce.com customers.
"As a result of this, a small number of our customers began receiving bogus e-mails that looked like Salesforce.com invoices," Salesforce.com said.
Some of those customers then fell victim to the scam and gave up their passwords to the criminals, too. When Salesforce.com started seeing malicious software being attached to these e-mails, the company decided to issue a general alert to its nearly 1 million subscribers.
According to the Washington Post, Suntrust Banks was one of the customers victimized by this scam.
Salesforce.com is working with law enforcement to resolve the problem, but in the meantime it is recommending that customers implement a number of security measures in order to cut down on the phisher's chance of succeeding.
Suggested actions include restricting Salesforce.com account access to users who are within the corporate network, phishing education or the use of stronger authentication techniques to log on to the Salesforce.com servers.
Salesforce.com declined to comment further on the matter. "Everything that they have to say about it is in this note," a spokesman with the company's public-relations agency said.
- +
The 2007 security hall of shame 27 December, 2007 07:47:46
Bad breaches, ghastly gaffes and five people we'd like to forgetHow bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days. - +
True crime: The botnet barons 04 January, 2008 07:03:57
Two weeks ago, the feds revealed the names of eight people who had used botnets to engage in nefarious activity. Here are their storiesWhen federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II. - +
ARN's A-Z guide to networking 19 December, 2007 14:50:54
As business needs change, so do the requirements for the business backbone. ARN looks at networking trends and technologies and reports on predictions for 2008 and beyond.
Click here for case studies, whitepapers and other useful vendor content 
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Weekly Tech News Update: 21st November 2008Yahoo's CEO says goodbye, Intel introduces a new processor, and robots run wild. All that news and more on this week's World Tech Update
Electronic voting in U.S. electionDoubts about voting machines are lingering in the minds of many Americans as they head to the polls.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
Extreme Networks Ethernet Transport lowers total cost of ownership for carrier metro networks 20 November, 2008 10:21:00
Dataract increases e5 Workflow performance with Microsoft® Windows Server® 2008
Since upgrading to Windows Server 2008 from Windows Server 2003, Dataract have made visible improvements in their workflow calculations and image presentation performance.
Buying Guides
Buying Guides
