How can we prevent phishing attacks in Salesforce? - Forcetalks

Tagged: Data Security, Field Level Security, Phishing, Phishing Attack in Salesforce, Record Level Security, Salesforce Security, Salesforce Security Review

Salesforce® Discussions

How can we prevent phishing attacks in Salesforce?

Posted by Manpreet on January 24, 2018 at 1:28 PM

How can we prevent phishing attacks in salesforce?

Mohit replied 8 years, 3 months ago 2 Members · 1 Reply
1 Reply

Mohit

Member
January 29, 2018 at 8:41 AM
Hi Manpreet,

Phishing is a social engineering technique that attempts to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishers often direct users to enter details at a fake website whose URL and look-and-feel are almost identical to the legitimate one.

Salesforce Ongoing actions to avoid phishing:-
- Actively monitoring and analyzing logs to enable proactive alerts to customers who have been affected.
- Collaborating with leading security vendors and experts on specific threats.
- Executing swift strategies to remove or disable fraudulent sites (often within an hour of detection).
- Reinforcing security education and tightening access policies within Salesforce.
- Evaluating and developing new technologies both for our customers and for deployment within our infrastructure.
Salesforce recommendation to avoid phishing:-
- IP range restrictions.
- Decrease Session Timeout Thresholds
- Educate Users About Phishing.
- Two-Factor Authentication.
- Salesforce Password Policies.
- Use Transaction Security to monitor events and take appropriate actions.
Hope this may help you.

Log In to reply.