New Salesforce Email Threat

Our newest partner Adallom, proves once again that they are the leader in risk management and security for Cloud Applications. 

Last weekend they began to receive alerts of an email masquerading as an official communication from Salesforce.

The emails looked like this:

Date: February 16, 2015 at 8:13:09 AM CST
From: “” <>
To: [redacted]
Subject: Payment confirmation – credit card charged
Dear user,
Thank you for purchasing Salesforce Performance Plus plan.
This message is a confirmation that your credit card has been charged.
Service : Salesforce Performance Plus Date : 16/2/2015 Amount : 1600 USD Transaction # : 7891048
For more information regarding this payment, please check the attached merchant receipt. Note: This payment will appear on your statement as “SalesForce AUTH #7891048″
Thank you.

The email included an attachment named “sf_trans_7891048.doc”

Adallom's analysis indicates that the attack origins are from a Russian Federation IP. They believe there is a reasonable likelihood that the primary purpose of this attack is for botnet purposes and secondary is credential and PII theft.

You can read the full article here.

How do you detect unauthorised access to or your other cloud applications?

Even if you do, would you know if an account was being used in an unauthorised manner?

Contact us to discuss how Adallom can can help you prevent modern attacks, comply with government and industry regulations, as well as monitor, and verify the endless human interactions with SaaS applications.

Additional information