Wednesday, 7 November 2007

Security Heads Up: Database Phished

Apparently an employee of Salesforce fell "victim" to a Phishing scheme and gave up the database info.

We have a number of clients that use the service, so we have been warning them to pay particular attention to emails that have seemingly legit personal information in them.

As part of our user training regimen, we tend to repeat ourselves to our users, "Never volunteer any information via email or over the phone."

This compromise of SalesForce's customer database clearly demonstrates that one needs to be very careful with their personal information.

The only time one should be typing information into a form, site, or whatever electronic means, or via phone is when they initiate the whole process from a fresh browser window or by dialing the company's phone number!

Via There are two other aspects to this situation that need to be addressed.

The first is that we, the technology support point of contact, need to be aware of the products and services that our clients use. This type of information should be a part of our client audit trail. This will facilitate our being proactive in protecting our client's interests.

The second, which is especially true in Canada, is: We need legislation that forces companies to reveal when our information is compromised.

Right now companies are terrified of that kind of thing happening. However, the TJ Maxx (Live search) huge compromise demonstrates otherwise. While they experienced a very large dip in business after the compromise announcement, their cash sales jumped, and their business has come back up to previous levels, if not higher.

We need to know so that we can take measures to protect our identity!

By the way folks, if you haven't already done so, sign up to one of the credit monitoring services provided by the major credit bureaus in your country. In Canada and the U.S. it is Trans Union and Equifax.

We get weekly reports generated when ever anything hits our credit profile. It is an effective way to know if someone has your identity and is trying to setup credit in your name. This provides us with an ability to be preemptive if we see bad things happen and mitigate any disastrous circumstances around our credit.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

No comments: