The attack on the salesforce.com CRM user base is a variant of known attacks that attempt to lure users into installing malware that can collect passwords to online systems, including banks, credit cards, shopping websites and salesforce.com itself.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"What makes this attack unique is its social engineering," said Stephen Pao, vice-president of product management at security firm Barracuda Networks. "The e-mail masquerades as part of the Salesforce Identity Confirmation feature, which ironically was intended to enhance legitimate salesforce.com security measures against the latest wave of phishing attacks."
He said, "Because of its clever design, unsuspecting salesforce.com users may inadvertently install the malware."
The Barracuda Spam Firewall has now been updated to block the Salesforce.com attacks.