Salesforce.com customers victimized by phishing scheme

Customer Relationship Management software vender Salesforce.com has sent a letter to its customers, warning that they may be the targets of malicious software or phishing scams, after one of its employees received a phishing e-mail message and was tricked into divulging a corporate password.

In addition to obtaining the employee's password, the scammer was able to download a copy of a customer contact list from the unsuspecting Salesforce.com employee. The list included customer first and last names, company names, e-mail addresses, telephone numbers, and other data.

"As a result of this, a small number of our customers began receiving bogus e-mails that looked like Salesforce.com invoices," Salesforce.com said in a statement.

DMNews.com reports that some of Salessforce.com's customers have fallen victim to the scam and have provide3d their passwords to the criminals as well. When Salesforce.com started seeing malicious software being attached to these e-mails, the company decided to issue a general alert to its nearly 1 million subscribers.

In the letter that Salesforce.com sent to its customers, the company noted that online criminals have been sending customers fake invoices, viruses, and key logging software. The e-mails were sent using information that was illegally obtained from Salesforce.com.

Salesforce.com has reported the phishing crime to law enforcement officials and is recommending that customers implement a number of security measures to protect themselves and their data.

Salesforce.com suggests that its users follow these steps to implement and insure security:

  • Modify your Salesforce implementation to activate IP range restrictions. This will allow users to access Salesforce only from your corporate network or VPN, thus providing a second factor of authentication.

  • Educate your employees not to open suspect e-mails and to be vigilant in guarding against phishing attempts.

  • Use security solutions from leading vendors such as Symantec to deploy spam filtering and malware protection.

  • Designate a security contact within your organization so that Salesforce.com can more effectively communicate with you. Contact your Salesforce.com representative with this information.

  • Consider using other two-factor authentication techniques including RSA tokens and others.

  • Attend an educational Webinar presentation in which our experts will walk you through these recommended changes and best practices. Visit www.salesforce.com/security for details.

    You can read the letter that Salesforce.com sent to its to users.

    You may like these other stories...

    How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...
    Event Date: October 30, 2014, 2 pm ETMany Excel users have a love-hate relationship with workbook links. For the uninitiated, workbook links allow you to connect one Microsoft Excel spreadsheet to other spreadsheets, Word...
    Event Date: September 9, 2014, 2:00 pm ETIn this session we'll discuss the types of technologies and their uses in a small accounting firm office. Included will be:The networked office: connecting everything together for...

    Already a member? log in here.

    Upcoming CPE Webinars

    Aug 21
    Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
    Aug 26
    This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
    Aug 28
    Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
    Sep 9
    In this session we'll discuss the types of technologies and their uses in a small accounting firm office.