Salesforce.com phishing highlights security loophole

News
By Miya Knights
published

A security vendor today urged organisations to install behavioural analysis software after the hosted software provider's database became a phishing target.

Salesforce.com, the on-demand software company, this week admitted it and its customers were targeted by cyber-criminals, prompting security experts to call for extra measures to track potentially risky online behaviour.

In an open letter to customers, the software-as-a-service market leader confirmed it had been the target of a phishing exercise designed to get its end-using customers to divulge sensitive financial information.

It said the compromise occurred when a Salesforce.com employee fell victim of a phishing scam that allowed a Salesforce.com customer contact list to be copied.

"As a result of this, a small number of our customers began receiving bogus emails that looked like salesforce.com invoices," it warned.

Tier-3

Miya Knights
Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.