salesforce.com users exposed to phishing scam

Summary: In all the excitement over Google and Facebook, my usually eagle-eyed enterprisey colleagues missed that salesforce.com exposed some of its users to a phishing scam.

In all the excitement over Google and Facebook, my usually eagle-eyed enterprisey colleagues missed that salesforce.com exposed some of its users to a phishing scam. The Washington Post says that:

Salesforce.com acknowledged that a recent spate of targeted e-mail virus and phishing attacks against its customers resulted from one of its own employees falling for a phishing scam and turning over the keys to the company's customer database.

The company is remaining tight-lipped about what on-premise vendors will see as a validation of SaaS/on-demand security issues. It has, however, acknowledged that some customers were sucked into the scam:

We learned that a salesforce.com employee had been the victim of a phishing scam that allowed a salesforce.com customer contact list to be copied. To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database.

Parker Harris, EVP technology at salesforce.com, is communicating with customers, explaining what it is doing and advising:

...we strongly recommend that our customers implement the following changes to enhance security:

    • Modify your Salesforce implementation to activate IP range restrictions. This will allow users to access Salesforce only from your corporate network or VPN, thus providing a second factor of authentication.
    • Educate your employees not to open suspect emails and to be vigilant in guarding against phishing attempts
    • Use security solutions from leading vendors such as Symantec to deploy spam filtering and malware protection
    • Designate a security contact within your organization so that salesforce.com can more effectively communicate with you. Contact your salesforce.com representative with this information.
    • Consider using other two-factor authentication techniques including RSA tokens and others
    • Attend an educational Webinar on Thursday, November 8 in which our experts will walk you through these recommended changes and best practices. Visit www.salesforce.com/security for details.

Dennis Howlett

About Dennis Howlett

Dennis Howlett is a 40-year veteran in enterprise IT, working with companies large and small across many industries. He endeavors to inform buyers in a no-nonsense manner and spares no vendor that comes under his microscope.
