As reported by Information Week:
A Salesforce.com employee bit on the bait of a phisher, and now the Web-based CRM software provider is warning customers not to fall for the same cybercriminal tricks.
On its Trust.Salesforce.com Web site this week, Salesforce.com posted a “letter about security” to customers alerting them to be cautious of “phishing and malware scams on the Internet,” which are on “the rise.”
In fact, the company revealed that a Salesforce.com employee had been a recent victim of a phishing scam that tricked the worker into disclosing a password, providing the phisher with information on a customer contact list. That contact list information included “first and last names, company names, e-mail addresses, and telephone numbers for Salesforce.com customers and related administrative data” belonging to Salesforce.com, according to the letter.
The letter, which was signed by Salesforce.com executive VP Parker Harris, also revealed that “a small number” of Salesforce.com customer users subsequently have become victims of a phishing — being fooled into disclosing passwords after receiving “bogus e-mails that looked like a Salesforce.com invoice but were not.”
In addition, “a few days ago, a new wave of phishing attempts that included attached malware — software that secretly installs viruses or key loggers — appeared and seemed to be targeted at a broader group of customers,” the company disclosed in the notice.
“That’s why we warned our system administrators last week of this new, more malicious phish and why we are sending this letter now with the goal of increasing awareness.”
The incident brings to mind that we must all be wary and take precautions. As always, Privacy Maven recommends the helpful resources of the Anti-Phishing Working Group to stay apprised of current phishing scams.
No Comments so far ↓
There are no comments yet...Kick things off by filling out the form below.