
Salesforce.com Falls For Phishing Attack



David Utter
Staff Writer
2007-11-07



Software as a Service took a credibility hit as news emerged of a successful phish against a Salesforce.com staffer, which resulted in a loss of data to criminal spammers.


Back in October, Mike Rothman took me to task for citing internal employees, typical computer users, as being the biggest enemy of security pros. Ladies and gentlemen, I present Exhibit A.

Brian Krebs picked up on the Salesforce.com issue. A phisher managed to trick a Salesforce employee into giving up a password.

This led to the phisher grabbing some useful information, which was promptly put to use in another scam:

"We learned that a salesforce.com employee had been the victim of a phishing scam that allowed a salesforce.com customer contact list to be copied. To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database."

Notice that this incident was not a failure of technology, but a success of social engineering. The Salesforce advisory continues:

"Information in the contact list included first and last names, company names, email addresses, telephone numbers of salesforce.com customers, and related administrative data belonging to salesforce.com. As a result of this, a small number of our customers began receiving bogus emails that looked like salesforce.com invoices, but were not - they were also phishes."

Such comprehensive contact information allows the phishers to craft authentic-looking attacks. From Salesforce again:

"Unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher."

The latest wave of spam against those customers has included malware, likely tied to a criminal endeavor for financial gain. It all started with one person at a company where they certainly know of the threats online.

Salesforce has turned the question of security to its customers, providing advice on what they can do to protect themselves against phishing threats. But this latest wave of problems stems from what a Salesforce employee did first. The criminal didn't need to do any work to bypass the technical security in place.

Why should they, when people fall for simpler scams that yield the same information anyway? That's the problem security pros face in the enterprise.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
