Phishing and Malware
Protect your Salesforce data from phishing and malware attacks by understanding the risks, following security best practices, and staying informed about the latest threats.
If you notice something suspicious regarding your Salesforce instance, like receiving a suspicious email or phone call posing as Salesforce, please report the phishing attempt immediately at https://security.salesforce.com/contact, in addition to notifying your own IT or security team.
Trust starts with transparency. That’s why Salesforce displays real-time information on system performance at https://trust.salesforce.com/. For security-specific information, customers can visit https://security.salesforce.com/ to learn more about current and recent phishing and malware attempts, and get tips on security best practices for your organization. The Security site includes valuable information that can help you safeguard your company's data. In addition to security best practices, the site provides information on how to recognize and report phishing attempts and information on current malware campaigns that could impact Salesforce customers.
- Phishing is a social engineering technique used to acquire sensitive information. This can include usernames, passwords, and credit card details. It works by masquerading as a trustworthy person or entity. Phishing can occur via email, text messaging, phone calls, and other avenues. Phishers often direct targets to click a link and enter valuable information or to open an attachment with the goal of downloading malware onto the target’s device. As the Salesforce community grows, it becomes an increasingly appealing target for phishers. You’ll never get an email or a phone call from a Salesforce employee asking you to reveal your login credentials, so don’t reveal them to anyone. Report suspicious activities or emails regarding your Salesforce instance directly to the Salesforce Security team at https://security.salesforce.com/contact.
- Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It’s a general term used to cover various forms of hostile or intrusive software, including computer viruses and spyware. For a list of current security advisories, go to https://security.salesforce.com/security-advisories.
What Salesforce Is Doing About Phishing and Malware
Security is the foundation of our customers’ success, so Salesforce continues to implement the best possible practices and security technologies to protect our ecosystem. Recent and ongoing actions include:
- Actively monitoring and analyzing logs to enable alerts to our customers who have been affected.
- Collaborating with leading security vendors and experts on the most effective security tools.
- Ongoing security education and engagement activities for Salesforce employees.
- Creating processes for developing products with security in mind.
- Proactively sharing security best practices with customers and partners through https://security.salesforce.com/ and other ongoing activities.
What Salesforce Recommends You Do
Salesforce is committed to setting the standards in software-as-a-service as an effective partner in customer security. In addition to our internal efforts, Salesforce strongly recommends that customers implement the following changes to enhance security.
- To safeguard access to your network, Salesforce requires that all logins use multi-factor authentication (MFA).
- To activate IP range restrictions, modify your Salesforce implementation. These restrictions allow users to access Salesforce only from your corporate network or VPN. For more information, see Set Trusted IP Ranges for Your Org.
- Set session security restrictions to make spoofing more difficult. For more information, see Modify Session Security Settings.
- Educate your employees not to open suspect emails and to be vigilant in guarding against phishing attempts.
- Use security solutions from leading vendors to deploy spam filtering and malware protection.
- Designate a security contact within your organization so that Salesforce can more effectively communicate with you. Contact your Salesforce representative with this information.
- Use Enhanced Transaction Security to monitor events and take appropriate actions. For more information, see Transaction Security.
Salesforce has a Security Incident Response Team to respond to any security issues. To report a security incident or vulnerability to Salesforce, contact the Salesforce Security Team at security.salesforce.com/contact. Describe the issue in detail, and the team will respond promptly.
Email Awareness Best Practices
Phishing scams use fraudulent emails to get users to reveal confidential information. Such emails typically look like they come from a legitimate organization and can contain links to what appears to be that organization's site. However, the site is actually a fake site designed to capture information.
As these scams get more sophisticated, it can be tough to know whether an email is real or fake. For example, phishing emails can include malicious links from force.com domains. And Salesforce orgs that generate cases from inbound email can include malicious content from those emails in the cases themselves.
The best way to avoid becoming the victim of a phishing or malware attack is to know what to look for. We recommend that you apply the same best practices for cases generated through Salesforce as you do for phishing emails:
- Don’t click links or open attachments in emails and email-generated cases, unless you were expecting to receive them.
- Treat all emails and cases originating from external email addresses as potentially untrustworthy.
- If an email or email-generated case contains messages instructing you to do any of the following, it’s most likely a phishing attempt:
  - Click a link.
  - Open an attachment.
  - Validate your password.
  - Log in to your account.
  - Enter personal details or credentials.
If you receive a phishing email or Email-to-Case, delete it and notify your internal IT team. We appreciate your trust in us as we continue to make your success our top priority.

