This has led to a wave of phishing attacks targeting Salesforce.com’s customers, this time trying to get them to download keystroke loggers and other malware, with the potential for the customers to also find themselves the victims of data leaks.
These attacks have highlighted how technology suppliers and retailers, as well as consumers, need to be on their guard for this type of crime.
Phishers send spoof e-mails to lure computer users to reveal personal details, such as their login details in the case of the Salesforce.com employee, which the phisher can use to commit fraud.
Traditionally, consumers have been the victims of data theft and phishers have focused on gaining access to bank accounts as a quick way to commit a profitable fraud. However, as financial services firms have embarked on consumer education programmes and employed technology to crack down on these attacks, the fraudsters are turning elsewhere.
Many retailers and online payment companies, such as PayPal, do a pretty good job of reminding customers that they should never disclose their personal details after being requested to do so by e-mail. But how many companies out there also highlight the risk to their own staff? Not many, I would guess.
For instance, how many of your staff do you think might respond to an e-mail that appeared to have come from your IT department asking for their password because there was a problem with their e-mail account? And, once information like this is gleaned, how easy is it for fraudsters to gain access to your network and customer information to target them?
Initiatives like the Payment Card Industry Data Security Standard go a certain way to prevent customer data breaches, for instance, requiring retailers to have individual logins and passwords for each user on the corporate network.
Unless retailers educate their staff, as well as customers, not to give these details away, then much of the time and money being spent on adhering to the standard may be in vain.
No comments yet