Google Threat Intelligence Group Warns of Social Engineering and Data Extortion Attacks Targeting Salesforce

According to a report from the Google Threat Intelligence Group, a cybercriminal operation has been using social engineering tactics to trick organizations into granting them access to their Salesforce Data Loader tools; from there, the criminals are stealing data and gaining further access to the organizations’ networks. The campaign, which uses voice-based phishing techniques, has targeted roughly 20 organizations to date. The threat actors have attempted to extort the organizations using the stolen data as leverage. In some of those cases, the extortion activity did not begin until several months after the initial attack. In March, Salesforce published guidance designed to help users protect their Salesforce environments from social engineering attacks.
Editor’s Note
[Neely]
The mitigations, MFA, least privilege, monitoring, and validation of application connectors, in the Google blog, are applicable to all your platforms. Reinforce that with the latest security guidance from your providers to make sure you don’t miss a trick. Consider adding social engineering (including vishing) exercises to your security training.
[Dukes]
An in-depth report that highlights what most of us already know: social engineering is an attack enabler. Perhaps it’s time for us adults to revisit an early childhood classroom teaching: STOP, THINK, ACT. A little self-regulation can go a long way to protecting yourself and the company. If that doesn’t work, then by all means follow the best practices espoused in the Salesforce blog post.
[Murray]
There will never be enough such warnings to make a difference. The problem is not intellectual but emotional. The appeals are to greed, lust, fear, and curiosity. We are built to respond.
Read more in:
– cloud.google.com: The Cost of a Call: From Voice Phishing to Data Extortion
– www.salesforce.com: Protect Your Salesforce Environment from Social Engineering Threats
– therecord.media: Google warns of cybercriminals targeting Salesforce app to steal data, extort companies
– www.theregister.com: Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns
– www.securityweek.com: Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers
– www.helpnetsecurity.com: Attackers fake IT support calls to steal Salesforce data
– www.bleepingcomputer.com: Google: Hackers target Salesforce accounts in data extortion attacks
– cyberscoop.com: Salesforce customers duped by series of social-engineering attacks
This article was featured in the SANS newsletter of June 6, 2025, Vol. 27, Num. 43.