Last year, we wrote about a story we heard. Someone who was using an API-based competitor for email security told us about a mail rule they have: every email that goes to a service@company.com or info@company.com address automatically creates a case in Salesforce. Many organizations have similar setups. For example, customer service emails automatically get forwarded to Jira and a case is created. Wherever it's going, it's an effective way for customer service and sales development teams to instantly be alerted of a potential issue or new deal.

The customer who spoke to us, though, was dismayed. They were looking at hundreds of emails that were going directly into Salesforce--many of them malicious. In fact, this is the type of campaign they would see. 

This links to a fake OneDrive page, as you can see in our interactive URL Sandbox. 


Our AI clearly saw this as malicious--in fact, as malicious as it can get. 

 


But because of the way API-based solutions work, there's nothing to be done. Even if the email is remediated within the inbox, it automatically gets forwarded to Salesforce, malicious or not. We call this the Automatic Forwarding Problem.

API solutions work by scanning the email the instant it makes it into the inbox. Sometimes this is done in seconds. Other times, it takes longer. Regardless, the email is forwarded along. This applies to anything that is forwarded to an external mailbox, whether it's in Salesforce, Jira, Zendesk--you name it.

This customer came back to Avanan to do a two-week POC. In two weeks, we saw 353 emails going to Salesforce, like the one above, that they have to sift through.

Now, with Avanan firmly in place, they don't have to worry. We block the malicious email like the one above before it reaches the inbox--and before it can be forwarded along to Salesforce. 

Practically every company has these rules put in place. The end destination may change, but the process is the same. Attackers are using these contact us forms to share credential harvesting and other attacks.

With API-based, detect-and-remediate solutions, you are left unprotected and vulnerable to these types of attacks.

It's why this company came back to Avanan.