user base targeted by phishers users are being targeted by phishers trying to steal their usernames and passwords. users are being targeted by phishers trying to steal their usernames and passwords.

The attack on the CRM user base is a variant of known attacks that attempt to lure users into installing malware that can collect passwords to online systems, including banks, credit cards, shopping websites and itself.

"What makes this attack unique is its social engineering," said Stephen Pao, vice-president of product management at security firm Barracuda Networks. "The e-mail masquerades as part of the Salesforce Identity Confirmation feature, which ironically was intended to enhance legitimate security measures against the latest wave of phishing attacks."

He said, "Because of its clever design, unsuspecting users may inadvertently install the malware."

The Barracuda Spam Firewall has now been updated to block the attacks.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Much like the approaches used to foil them, and in fact driven by those approaches, phishing (and other) attacks are being forced to become more adaptive to survive. Create a new security feature and, before long, the phishing attacks will adapt to take advantage of that feature.