Customer Account Protection and Security - Phishing

Knowledge Article Number 000005381
Description

Customer Account Protection and Security - Phishing

Resolution

Customer Account Protection and Security

 

Overview

In the past, some customers received emails that appeared to be salesforce.com invoices but were not. These emails contained a link to a website mimicking the salesforce.com login page, although that page was in no way related to salesforce.com. Some users entered their login information, which potentially gave the phisher access to that customer's information.

 

Regrettably, phishing is a fact of life on the internet, and all major Web applications have seen their users targeted by phishing attempts. End-user awareness and education is the best defense; to that end, we have raised the profile of our information on phishing on the Salesforce login page and at trust.salesforce.com/security.

 

Detection:

When customers forward us samples of these emails, Salesforce.com immediately starts an investigation to determine the location of any rogue IP addresses and has the sites shut down. Once they are shut down, SFDC continues to investigate, including tracing the patterns of activity from suspicious IP addresses.

 

Should the Salesforce.com Support team be informed of any suspicious communications, particularly phishing attempts that affect our customer base, the Support team will take the following proactive steps to protect customer security:

 

Support Team Responsibility and Actions:

 

  1. Disable the affected user account
  2. Reset the user's password
  3. Contact the affected user and/or Administrator
  4. Explain steps to prevent phishing attempts
  5. Log this activity in a case to preserve the audit trail of the actions performed (password reset, communications, etc.). The case subject line should be <Phishing Date & Time Stamp>


Customer Education and Best Practices:

The Anti-Phishing Working Group (www.antiphishing.org) has been focusing on this issue and publishes a list of best practices.

 

Customer Prevention:

Protect Your Password

-  Never share your password with anyone, ever.

-  Never reply to an email requesting your user name, password, or other sensitive information.

-  Use a unique password for each online account.

-  Use a strong password that would be difficult to guess, even for someone who knows you well. Use a combination of uppercase and lowercase letters, numbers, and symbols.

-  If you receive a suspicious email asking for your Salesforce username or password, forward the email to security@salesforce.com or report the details via Trust, https://trust.salesforce.com/trust/security/reportsecurityissue/.

Always Log In Through Our Secure Site

-  Be suspicious of emails that include links to the Salesforce log-in page.

-  Log in to Salesforce only at the following, secure site: https://www.salesforce.com/login.jsp

-  If you are not sure that the page you clicked to is the legitimate Salesforce log-in page, open a new browser window and get to the page by either:
   -  Typing https://www.salesforce.com/login.jsp (don't forget the "s" in "https"), or
   -  Typing www.salesforce.com, then clicking the Customer Login tab.

-  Look for the lock icon in the bottom-right corner of your browser to ensure you have a secure connection to our site.

 
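The check above (only https://www.salesforce.com/login.jsp is the trusted log-in page) can be applied mechanically to links found in a forwarded email. The following is an added example, not Salesforce code; the sample links are constructed and the `example` and 198.51.100.7 values are documentation placeholders, not real phishing sites.

```python
from typing import Optional
from urllib.parse import urlsplit

# The only log-in URL this article tells users to trust (taken from the article).
LEGIT_SCHEME = "https"
LEGIT_HOST = "www.salesforce.com"
LEGIT_PATH = "/login.jsp"


def why_suspicious(url: str) -> Optional[str]:
    """Return None if url is exactly the legitimate log-in page, else the reason."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != LEGIT_SCHEME:
        return f"scheme is {parts.scheme or 'missing'!r}, not https"
    # "user@host" syntax is a classic trick: the browser connects to what follows "@".
    if parts.username is not None or parts.password is not None:
        return f"URL carries credentials; the real host is {parts.hostname!r}"
    # .hostname is lower-cased and stripped of any port or brackets.
    if parts.hostname != LEGIT_HOST:
        return f"host is {parts.hostname!r}, not {LEGIT_HOST!r}"
    try:
        port = parts.port
    except ValueError:
        return "malformed port"
    if port not in (None, 443):
        return f"unexpected port {port}"
    if parts.path != LEGIT_PATH:
        return f"path is {parts.path!r}, not {LEGIT_PATH!r}"
    return None


def triage(urls):
    """Classify a list of links; returns {url: reason-or-None}."""
    return {u: why_suspicious(u) for u in urls}


# Constructed sample links of the kind seen in forwarded phishing emails.
SAMPLE_LINKS = [
    "https://www.salesforce.com/login.jsp",                    # legitimate
    "http://www.salesforce.com/login.jsp",                     # no "s" in https
    "https://www.salesforce.com.login-verify.example/login.jsp",  # look-alike subdomain
    "https://www.salesforce.com@198.51.100.7/login.jsp",      # userinfo trick
    "https://www.salesforce.com:8443/login.jsp",               # odd port
    "https://www.salesf0rce.com/login.jsp",                    # digit zero for "o"
]

if __name__ == "__main__":
    for link, reason in triage(SAMPLE_LINKS).items():
        print("OK     " if reason is None else "SUSPECT", link, reason or "")
```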

Learn to Identify Suspicious Emails

-  Be wary even if the email or site uses some of salesforce.com's images and logos; many fraudulent sites use copyrighted images taken from the Web.

-  Never enter confidential information into forms embedded within email messages.

-  Do not respond to email requests for passwords, credit card numbers, or other sensitive data. Salesforce.com and other legitimate companies never request private data via email (or phone).

 

Additional Information:

These issues receive the full attention of salesforce.com management, external security consultants, and, where appropriate, legal authorities. There is no finish line on security, and no priority higher than protecting our customers' data.
