Application security, Threat Management, Incident Response, Malware, Phishing, TDR

Phisher steals customer list

Customers of are facing a barrage of phishing emails containing viruses and keyloggers after the company suffered the leak of a customer contact list.

The company announced Tuesday in a letter to customers that a contact list was leaked by a employee who fell for a phishing scam and revealed a password. The phisher accessed and copied the customer list, Parker Harris,'s executive vice president of technology, said in the letter.

Included on the contact list are first and last names, company names, email addresses and telephone numbers of customers, as well as a variety of data associated with accounts.

The San Francisco-based company uncovered the leak after it saw an increase in phishing attempts directed at customers in recent months. Salesforce said a small number of customers received fraudulent emails resembling company invoices that attempted to collect additional customer-related information. Harris said that a "very small number" of customers revealed passwords to the phisher.

The leak could have been prevented had deployed widely available security technologies, such as two-factor authentication, sender ID or DomainKey Identified Mail (DKIM) protocols, according to Dave Jevans, chairman of the Anti-Phishing Working Group (APWG).

"I don't think you can rely solely on user education [to stop phishing attacks]," Jevans told "If a guy gets an email that appears to be from IT asking for a password, evidence indicates that 17 percent of employees will fall for it."

Harris said in the letter that the company is working on several fronts to help customers deal with the phishing attacks by monitoring and analyzing logs to ensure rapid response, reinforcing security education and tightening access policies internally.

Salesforce advised customers to activate IP range restrictions, which allow users to access Salesforce only from within their corporate networks or via a VPN. The company will host a webinar today to inform customers of changes in its polices.

Other than making a copy of Harris' letter available, did not provide with more information or comment on the leak.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.