Companies’ Salesforce data is latest hacker target

Hackers Target Salesforce Data in Voice Phishing Spree: 20 Companies Hit

Cybersecurity alarms are ringing again as hackers target Salesforce data across the U.S. and Europe, using a highly deceptive tactic: voice phishing.

According to a report released by Google’s Threat Intelligence Group, at least 20 companies have fallen victim to a wave of attacks that combine social engineering and malware, with the goal of stealing corporate Salesforce credentials.

How the Attack Happened

The hackers, pretending to be IT support staff, called English-speaking employees at several firms. These fake support calls were crafted to steal login credentials or convince targets to install a malicious clone of a Salesforce tool.

Once inside the systems, the attackers would demand ransom — a tactic becoming increasingly common in enterprise cybercrime.

Today’s Related Posts

  • No related posts for today.

Salesforce initially issued a customer alert back in March, warning about a “recent rise” in phishing attempts mimicking legitimate Salesforce services.

The Victims So Far

While Google did not name the affected companies, this incident follows a string of high-profile data breaches in the retail sector, including:

  • Adidas

  • The North Face

  • Cartier

  • Victoria’s Secret

These brands reported cyberattacks in the past two months, primarily affecting customer contact information.

In the UK, ransomware attacks this year have hit:

  • Harrods

  • Marks & Spencer (expected losses: ~$400 million)

  • The Co-op

Who’s Behind the Attacks?

Google believes the campaign mirrors the tactics of a decentralized hacker group called “The Com”, which has ties to Scattered Spider—the same group responsible for the infamous MGM Resorts cyberattack in 2023.

British law enforcement also suspects this group may be linked to the recent ransomware hits on UK retailers.

What You Should Do

For Employees:

  • Be skeptical of any unsolicited IT calls

  • Never share credentials over the phone

  • Report suspicious activity to your security team immediately

For Companies:

  • Conduct phishing awareness training regularly

  • Implement multifactor authentication (MFA)

  • Monitor third-party access to critical tools like Salesforce

As this cybercrime wave grows, it’s clear that human vulnerability remains a key attack vector. Voice phishing is just the latest reminder that even trusted systems can be compromised through social engineering.

Tags
Share your love
Anish
Anish
Articles: 1483

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *