• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to primary sidebar

DigiBanker

Bringing you cutting-edge new technologies and disruptive financial innovations.

  • Home
  • Pricing
  • Features
    • Overview Of Features
    • Search
    • Favorites
  • Share!
  • Log In
  • Home
  • Pricing
  • Features
    • Overview Of Features
    • Search
    • Favorites
  • Share!
  • Log In

Google warns of social engineering scheme targeting Salesforce users that steals data on a large scale and then try to extort the targeted company

June 6, 2025 //  by Finnovate

Google Threat Intelligence Group warned that an organization specializing in voice phishing (vishing) is targeting Salesforce users. The attackers, dubbed UNC6040, have repeatedly been successful in recent months in breaching networks through social engineering schemes. UNC6040’s operators contact companies by telephone, impersonate IT support personnel, and trick employees into granting the attackers access or sharing credentials that can be used to steal the organization’s Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce. Once they have compromised the Salesforce instance, the attackers steal data on a large scale and then try to extort the targeted company. In some instances, extortion activities haven’t been observed until several months after the initial UNC6040 intrusion activity, which could suggest that UNC6040 has partnered with a second threat actor that monetizes access to the stolen data. GTIG suggested in its blog post that companies defend against social engineering threats by adhering to the principle of least privilege, managing access to connected applications rigorously, enforcing IP-based access restrictions, leveraging advanced security monitoring and policy enforcement with Salesforce Shield, and enforcing multifactor authentication universally.

Read Article

Category: Cybersecurity, Innovation Topics

Previous Post: « Mind prevents data leaks using AI, combining a data security posture and data loss prevention in one unified platform.” Mind said its platform employs a multilayer classification system to identify sensitive data I
Next Post: Cognitiv AI personas transforms real-time consumer behavior data into dynamic audience profiles, revealing exactly which content triggers conversions to optimize targeting precision delivers 9X performance lift »

Copyright © 2025 Finnovate Research · All Rights Reserved · Privacy Policy
Finnovate Research · Knyvett House · Watermans Business Park · The Causeway Staines · TW18 3BA · United Kingdom · About · Contact Us · Tel: +44-20-3070-0188

We use cookies to provide the best website experience for you. If you continue to use this site we will assume that you are happy with it.