Salesforce Gets Phished

By Nathan Statz

November 9, 2007: Online CRM provider Salesforce has revealed that an employee fell victim to a ‘phishing’ scam and gave out the details of over 1,000 Australian and New Zealand customers.

In an email to customers, Salesforce has admitted the loss of customer data after an employee was deceived into coughing up login details to a fraudster as part of a phishing scam. Phishing is the practice of fraudulently posing as a reliable source in emails and other communiqués. The attackers lure users into thinking the email is from their bank, a website they regularly shop at or even their workplace’s own internal network.

“The thieves are trying to get access to corporate databases held at salesforce.com to steal salesforce.com's customer lists - but they could be doing (and probably will try to do) the same to the customers of any large CRM vendor,” said David Bradshaw, Principal Analyst at Ovum.

People fall victim to phishing quite regularly, but usually through the famous eBay and PayPal phishing scams, which net small-time users. The latest attack may cause significant reputational damage to Salesforce.

“SaaS applications like salesforce.com may seem more vulnerable because they have a very public 'front door' on the Internet that anyone can try and enter. But this is far from unique to SaaS - most companies of any size have web 'front doors' for customers and web 'back doors' for staff to gain access to their intranet, email and other key applications remotely,” Bradshaw said.
