Wednesday, Nov 07 2007

A Scam for Everyone - Even You

Scams are big business, social engineering is an art form, and anyone can be a target. As Mark Haley, scams expert for the Office of Fair Trading (OFT), puts it, "There is a scam for everyone in the country...we tend to think that it is only those who are perhaps gullible, perhaps greedy, and we never say 'that's us'. Our experience is there is a scam for everyone to exploit everyone's vulnerabilities." (Source: http://www.oft.gov.uk/oft_at_work/consumer_initiatives/scams/)

A recent spate of targeted attacks hammers home this point. But first, let's back up to the common advice given to avoid email scams:

  • Beware of email that does not come from a known, valid email address
  • Avoid links or attachments in email from someone with whom you would not ordinarily expect to correspond
  • Be suspicious of email that does not address you by your correct name or include other valid personal information

Recently, a spate of highly targeted attacks was launched against customers of SunTrust Bank and ADP. The emails gained legitimacy by leveraging the recipients' already-established trust relationships with the forged senders, addressing the recipients by their correct names and sometimes mentioning their employers' company names as well.

In short, the attack emails followed every basic rule that legitimate email is supposed to follow, so the usual advice would not have flagged them.
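To make the point concrete, here is an added example (not code from the original post) that encodes the three rules of thumb above as checks and runs them over two constructed messages: a generic, untargeted phish and a targeted one of the kind the post describes. The known-sender list, the recipient's name and employer, the domains, and both message bodies are assumptions made up for the example; they are not samples of the actual SunTrust or ADP emails. The targeted message passes all three rules. The one additional check that still catches it is comparing the host of each link in the body against the sender's own domain.

```python
"""Added example: the post's three "basic rules" as checks, plus a
sender-vs-link-domain comparison, run over constructed sample messages."""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical trust data a recipient (or their mail filter) might hold.
KNOWN_SENDERS = {"alerts@example-bank.com"}
RECIPIENT = {"name": "Jane Doe", "employer": "Example Corp"}

# Constructed sample 1: a generic, untargeted phish (unknown sender, no name).
GENERIC_PHISH = """\
From: "Account Team" <security@mail-update.example.net>
To: customer@example-corp.com
Subject: Urgent: verify your account
Content-Type: text/plain

Dear Customer,
Your account will be suspended. Confirm at http://verify.example.net/login
"""

# Constructed sample 2: a targeted phish that obeys all three basic rules.
# The From: address is a forgery of a sender the recipient already trusts,
# and the body uses the recipient's real name and employer.
TARGETED_PHISH = """\
From: "Example Bank Alerts" <alerts@example-bank.com>
To: "Jane Doe" <jane.doe@example-corp.com>
Subject: Example Corp payroll notice
Content-Type: text/plain

Dear Jane Doe,
As an Example Corp employee, please review your payroll statement at
http://example-bank.com.statements.example.org/login
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sender_address(msg):
    """The bare address from the From: header, lower-cased."""
    return parseaddr(msg["From"])[1].lower()


def plain_body(msg):
    return msg.get_body(preferencelist=("plain",)).get_content()


def basic_rules(msg, known_senders, recipient):
    """The post's three rules of thumb as booleans (True = looks legitimate)."""
    sender = sender_address(msg)
    body = plain_body(msg)
    has_links_or_attachments = bool(URL_RE.search(body)) or any(
        True for _ in msg.iter_attachments())
    return {
        # Rule 1: comes from a known, valid address.
        "known_sender": sender in known_senders,
        # Rule 2: links/attachments are only acceptable from expected correspondents.
        "expected_correspondent": sender in known_senders or not has_links_or_attachments,
        # Rule 3: addresses the recipient by their correct name.
        "addressed_by_name": recipient["name"] in body,
    }


def link_domain_mismatch(msg):
    """Hosts of body URLs that are neither the sender's domain nor a subdomain of it.

    A host that merely *starts with* the sender's domain
    (example-bank.com.statements.example.org) is still a mismatch, because the
    comparison is on the suffix. A production check would use the public
    suffix list rather than this simple endswith test."""
    sender_domain = sender_address(msg).split("@")[-1]
    foreign = []
    for url in URL_RE.findall(plain_body(msg)):
        host = (urlparse(url).hostname or "").lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            foreign.append(host)
    return foreign


def assess(raw):
    """Run both the basic rules and the link-domain check over one raw message."""
    msg = message_from_string(raw, policy=default)
    rules = basic_rules(msg, KNOWN_SENDERS, RECIPIENT)
    return {
        "passes_basic_rules": all(rules.values()),
        "rules": rules,
        "foreign_link_hosts": link_domain_mismatch(msg),
    }


if __name__ == "__main__":
    for label, raw in (("generic", GENERIC_PHISH), ("targeted", TARGETED_PHISH)):
        print(label, assess(raw))
```

The generic message fails the rules immediately (unknown sender, no name). The targeted one passes all three, which is exactly the problem the post describes: once the attacker holds a stolen contact database, "known sender" and "addressed by name" are things the attacker controls. The link-host comparison is a property of the message itself rather than of the recipient's trust, so it still fires on the forged sender's domain versus the domain the link actually points to.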

The attacks ranged from phishing scams designed to extract banking credentials to the installation of custom-built keylogger Trojans that capture keystrokes and screenshots from the infected computer.

Brian Krebs of the Washington Post has been researching these events since they were first discovered, and was the first to report a possible link between the targeted attacks and a compromise of a Salesforce.com database. Krebs was right. Yesterday, officials at Salesforce.com acknowledged that scammers had successfully phished a Salesforce.com employee, gaining the virtual keys to a database of contact information that included customers of SunTrust Bank and Automatic Data Processing (ADP). SunTrust is one of the largest banking organizations in the U.S., and ADP is a U.S. Fortune 500 company that offers payroll and HR benefits management.
