Highly Targeted Phishing From Salesforce.com Leak
An anonymous reader writes "Salesforce.com has finally acknowledged what security experts have suspected for weeks: that a Salesforce.com employee had his company credentials stolen in a phishing scam, and criminals have been using names and e-mail addresses from Salesforce's customer list to conduct other highly targeted phishing attacks, including the recent round of fake e-mails apparently from the Federal Trade Commission." In such highly targeted attacks, the AV companies are at a loss — they have little chance of quickly developing signatures for threats that only reach a few thousand victims.
Re:When technology is not the answer (Score:3, Informative)
I think that's a fair representation of the current state of affairs. Moreover, it pretty much sums up the beginning, middle and end of most malware issues. From the article:
Seems to be that user training and education demands too much of everyone, and is too hard and too expensive. Instead, the "Let's continue the search for outside solutions to protect us from ourselves." approach, instead of being regarded as something that resembles the Lord's Prayer, thus becomes a rational business decision.
Re:the only option (Score:2, Informative)
This is incredible (Score:3, Informative)
Bottom line is, how can you keep such a breach a secret for 7 months without telling your clients at the very least? I have yet to receive an email from them about this. No correspondence has happened between them and us.
Oh, and the SalesForce "security" person was saying that law enforcement has found where the phisher is located and that "if they have not apprehended him already, they will soon do so".... Whatever. BS.