Phishing Scam Targets Salesforce.com Customers
A warning from San Francisco-based Salesforce.com tells customers to be
wary of malicious software that might target them via phishing scams.
Salesforce.com posted a note saying that Internet criminals had been sending
counterfeit invoices to customers since mid-October 2007, as well as
keylogging software and viruses. The e-mails they sent used information
that the miscreants acquired without authorization from Salesforce.com.
Salesforce.com creates invoices for its Web-based 'Customer Relationship
Management' or CRM software, which is more convenient to maintain and use
than the old CRM products, but the latest fraudulent operation indicates
the vulnerability of the new open model to security risks.
The security problems with the company started a few months back, when an
employee of Salesforce.com fell victim to a phishing scam and disclosed a
password that helped hackers to access a list of customer contact details.
The password enabled the criminals to acquire the first and last names,
telephone numbers, company names and e-mail addresses on the list of
customers of Salesforce.com.
Meanwhile, on October 19, 2007, a report from Security Fix indicated that
Automatic Data Processing, a company extensively engaged in the payroll
business, and a number of banks, including Suntrust, had succumbed to
phishing scams that were highly targeted in nature. The phishing e-mails
used the recipients' names to address them while tricking them into
clicking a link that attempted to install malicious software to steal
passwords. An executive officer at Suntrust alleged that a data breach at
Salesforce.com enabled the fraudsters to obtain the details of Suntrust
The problem seems to be related not to a firewall or software but to a
process, said Sheryl Kingstone, program manager for customer-centered
strategies at Yankee Group in Boston. SearchCRM.com published this on
November 6, 2007. Sometimes, a big public company is a target of such
scams, Kingstone said. The unfortunate part of it is that many companies
aren't prepared in advance to face it.
In another incident with Salesforce.com, its data got entangled with a set
of two targeted malicious attacks that appeared to come from the Federal
Trade Commission. The attacks planted a password-stealing program on
the computers of over 500 users.
» SPAMfighter News - 11/22/2007