Salesforce Phishing Scam Exposed: Google Among the Victims

In June, Google uncovered a widespread phishing campaign targeting Salesforce customers. The perpetrators masqueraded as IT personnel to deceive account holders into granting access under the guise of urgent troubleshooting.
Interestingly, just a couple of months later, Google itself became a victim of this same ploy. This string of cyber-attacks is orchestrated by financially motivated criminals who aim to extract sensitive data, intending to sell it back to the affected companies at extortionate rates.
Rather than exploiting traditional software vulnerabilities, these attackers employ social engineering tactics, persuading a surprisingly high number of employees to cooperate unwittingly. Companies like Adidas, Qantas, and Allianz Life, alongside esteemed names like Louis Vuitton, have fallen prey to this scam.
The strategy involves exploiting a Salesforce feature that permits the integration of third-party apps. Attackers manipulate employees into installing an external app and providing the eight-digit security code required for the integration. That code grants the attackers full access to the Salesforce data.
Google confirmed that its own Salesforce instance was compromised earlier in June. However, the breach was only disclosed recently, indicating the company may have only become aware of it after the fact. The hacked data was business-related, such as company names and contact details, which are already publicly accessible.
The attacks have been associated with a group known as UNC6040, while a second entity, UNC6042, often referred to as ShinyHunters, is known for engaging in extortion, sometimes months after the initial intrusion. ShinyHunters is reportedly setting up a data leak site to further pressure victims.
With numerous corporations victimized, including Google, there are likely many more undisclosed cases. Salesforce users are urged to review their system access points rigorously, employ multifactor authentication, and train employees to recognize and stop these scams before they succeed.
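
One way to carry out the access review recommended above, shown as an added example that is not part of the original article: a script that checks an export of third-party app authorizations against an allowlist. The export columns, app IDs, allowlist and 30-day window are all assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export of connected-app authorizations.
# Column names and IDs are assumptions, not a real Salesforce report layout.
SAMPLE_EXPORT = """app_id,app_name,user,authorized_at
app-001,Approved Data Sync,alice@example.com,2025-01-10T09:00:00
app-001,Approved Data Sync,bob@example.com,2025-06-05T14:30:00
app-777,Helpdesk Fix Tool,carol@example.com,2025-06-03T16:45:00
app-902,approved  data sync,dave@example.com,2025-06-04T11:20:00
"""

# Hypothetical allowlist, keyed by app ID because display names can be copied.
APPROVED_APPS = {"app-001": "Approved Data Sync"}


def normalize(name):
    """Case-fold and collapse whitespace so near-identical names compare equal."""
    return " ".join(name.split()).casefold()


def review_authorizations(export_text, approved, as_of, recent_days=30):
    """Return (reason, app_id, user) for each authorization needing review.

    lookalike_name: unknown app ID reusing an approved app's display name.
    unapproved_app: app ID is not on the allowlist.
    recent_grant:   approved app, but authorized within the last recent_days,
                    so confirm the user started it and was not coached by a caller.
    """
    approved_names = {normalize(n) for n in approved.values()}
    cutoff = as_of - timedelta(days=recent_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["app_id"] not in approved:
            known_name = normalize(row["app_name"]) in approved_names
            reason = "lookalike_name" if known_name else "unapproved_app"
        elif datetime.fromisoformat(row["authorized_at"]) >= cutoff:
            reason = "recent_grant"
        else:
            continue
        findings.append((reason, row["app_id"], row["user"]))
    return findings


if __name__ == "__main__":
    for finding in review_authorizations(SAMPLE_EXPORT, APPROVED_APPS, datetime(2025, 6, 10)):
        print(finding)
```

Keying the allowlist on an identifier rather than the display name is what lets the fourth sample row be caught, since an app with an unknown ID can carry a familiar name.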