How can we prevent phishing attacks in Salesforce?

Hi Manpreet,

Phishing is a social engineering technique that attempts to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishers often direct users to enter details at a fake website whose URL and look-and-feel are almost identical to the legitimate one.

Salesforce Ongoing actions to avoid phishing:-

• Actively monitoring and analyzing logs to enable proactive alerts to customers who have been affected.
• Collaborating with leading security vendors and experts on specific threats.
• Executing swift strategies to remove or disable fraudulent sites (often within an hour of detection).
• Reinforcing security education and tightening access policies within Salesforce.
• Evaluating and developing new technologies both for our customers and for deployment within our infrastructure.

Salesforce recommendation to avoid phishing:-

• IP range restrictions.
• Decrease Session Timeout Thresholds
• Educate Users About Phishing.
• Two-Factor Authentication.
• Salesforce Password Policies.
• Use Transaction Security to monitor events and take appropriate actions.

Hope this may help you.