Salesforce.comusers are being
targeted byphisherstrying to steal their
usernames and passwords.
The attack on the salesforce.com CRM user base is a variant of
known attacks that attempt to lure users into installing malware
that can collect passwords to online systems, including banks,
credit cards, shopping websites and salesforce.com itself.
"What makes this attack unique is its social engineering," said
Stephen Pao, vice-president of product management at security firm
Barracuda Networks. "The e-mail masquerades as part of the
Salesforce Identity Confirmation feature, which ironically was
intended to enhance legitimate salesforce.com security measures
against the latest wave of phishing attacks."
He said, "Because of its clever design, unsuspecting
salesforce.com users may inadvertently install the malware."
The Barracuda Spam Firewall has now been updated to block the
Salesforce.com attacks.