Following a string of successful attacks, Salesforce users should be aware of voice phishing (aka “vishing”) campaigns targeting their accounts and businesses.
Guidelines from Mandiant, a cybersecurity firm and subsidiary of Google, outline how a criminal gang known to Google as “UNC6040” has used vishing to trick employees into granting access to Salesforce accounts. The research within the report states that UNC6040 has been successful “in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements.”
The businesses most susceptible to these vishing scams are English-speaking branches of multinational corporations, though smaller businesses and firms are also targeted. The attack tricks employees into sharing sensitive login credentials with the UNC6040 attackers and culminates in the total theft of the organization’s Salesforce data. In all observed cases of these successful attacks, the attackers only manipulated employees and end users into giving up sensitive data. No vulnerability in Salesforce itself was exploited.
To prevent your business from suffering a breach or attack, whether from UNC6040 targeting Salesforce or beyond, all employees should be trained to do the following:
- Recognize that most vendors will not call and ask for login credentials or other sensitive information.
- Hang up on the caller, ending the call without providing any access or information to anyone.
- Call a verified number for the account manager of the vendor in question. Rely solely on trusted and verified contact information, such as on-file contact information.
- Require explicit confirmation from the account manager, preferably by voice, before processing any requests or providing any information.
- If the call turns out to be an attempted vishing attack, immediately alert the company’s IT team.
Any business is only as strong as its weakest user, so even the most robust cybersecurity measures will break down unless everyone in the organization is trained on proper verification procedures. Otherwise, your business could be at risk of damaging vishing scams that may destroy it.
Protecting your business from vishing and phishing scams is one of the most important yet overlooked parts of operations and IT management. If your business is in need of a cybersecurity checkup, reach out to us!


