Hackers are targeting companies in Europe and the Americas by tricking employees into installing a fake version of a popular Salesforce tool. This scam lets attackers steal sensitive data and gain unauthorized access to corporate networks. The campaign shows the risk that gaps in employee awareness pose to cloud security.
What’s Happening & Why This Matters
Google’s Threat Intelligence Group tracks a hacking campaign, UNC6040, that impersonates Salesforce’s Data Loader app. This app typically helps bulk import data into Salesforce systems. Hackers use voice phishing (vishing) calls to convince employees to approve the fake app. Once the app is installed, the attackers gain deep access to the company’s Salesforce data and internal systems.
The hackers can then steal large volumes of sensitive information and move laterally across other cloud services and internal networks. Google links this operation to “The Com,” a loosely organized cybercriminal network known for various illicit activities.
Over the past few months, approximately 20 organizations have fallen victim to this scheme, with some experiencing actual data theft. Salesforce confirms the attack relies on social engineering, not platform flaws. The company stresses that this is not a widespread platform vulnerability, but rather a targeted scam that preys on gaps in employee awareness.
In March 2025, Salesforce warned customers about the rising threat of vishing attacks and malicious versions of Data Loader. They urge users to remain vigilant and follow best cybersecurity practices.
This incident shows how cybercriminals exploit trust in popular enterprise tools and underscores the critical need for strong user training. Organizations relying on cloud services must enhance their defenses against social engineering.
TF Summary: What’s Next
Companies should prioritize cybersecurity training that focuses on social engineering tactics, such as vishing. Implementing strict app approval protocols and multi-factor authentication can limit attacker access. Salesforce and other cloud providers will continue to refine security features, but human vigilance remains essential.
As cyber threats become more sophisticated, businesses must strengthen both technical controls and employee awareness to protect sensitive data. Expect further efforts to secure enterprise cloud environments against similar campaigns.