More Salesforce security news

I wanted to repost this information from Salesforce regarding a new "phishing" attempt - as always - beware of email asking for user names, passwords, credit card information, that contain files to download that you aren’t expecting and so on!

 

Dear Salesforce.com Customer,

Please be advised that there is a new malicious phishing email being circulated that is attempting to mimic the Salesforce Identity Confirmation feature.

What does this phishing email look like?

This goal of this malware is to attempt to collect user passwords to online systems, including banks, credit agencies, and salesforce.com.  It does this using an email attachment that contains malicious software intended to compromise your PC.  Known attachments have been variously named either form.zip or UpdateIElink.zip, but other names may exist.  Here is a sample of the email text:

New Security Feature: Identity Confirmation

To further protect our customers from security threats stemming from phishing attempts, salesforce.com will be implementing "Identity Confirmation." This set of security features is triggered when users attempt to login to Salesforce from a different computer and from an unrecognized location for the first time. Please download and install the security update attached to this email.

What action must I take?
Do not open the attachment.  Delete the email and attachment immediately.
If a user has installed this attachment on his system:

  • The system should be disconnected from the network immediately. (It may take up to 72 hours for the major anti-virus utility vendors to update their signatures to block this malware.)
  • Compromised users should change passwords for all computing systems to which they have access, including Salesforce, banking, credit, email, and company systems.

How can I tell the difference between this phishing attempt and salesforce.com’s Identify Confirmation Feature?

  • The salesforce.com Identity Confirmation feature will always send a link that leads to a secure salesforce.com domain.  For example:
    https://na5.salesforce.com/_nc_external/system/security/ChallengeValidate
  • The salesforce.com Identity Confirmation feature will not ever include an attachment or direct you to download and install software.  Any emails of this nature should be considered malicious.

How can I get more information?
Please visit trust.salesforce.com for additional information regarding this phishing attempt and to get more information regarding online security best practices. 

In addition, your Customer Success Manager or Customer Support Representative work in conjunction with our Technology & Products team and are all equipped to answer questions you may have.

Regards,
Salesforce.com Customer Support

© Copyright 2000-2008 salesforce.com, inc.
All rights reserved :: Various trademarks held by their respective owners
salesforce.com | One Market Street, Suite 300, San Francisco | CA 94105

This message was sent by salesforce.com.
Safely unsubscribe from salesforce.com e-mail at any time.
View our permission marketing policy.

Post a comment Post a CommentTrackback URI Trackback URI

XML RSS 2.0 feed for these comments

This entry (permalink) was posted on Tuesday, January 8th, 2008 at 8:49 PM by patricks and categorized in Salesforce.

Post a Comment

*Required
*Required (Never published)
 
« NPower, One NW, Edge, David Brin and Web 2.0
Getting to the root of the problem »
Home