Hackers are using a modified Salesforce app to trick employees and extort companies, Google says

Yahoo, 04-06-2025
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
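The approval step described above is something defenders can monitor. The sketch below is an added example, not code from Google, Salesforce or the article: it scans normalised audit events for connected-app approvals outside a vetted list and totals the bulk-query rows each such app pulled in the following 24 hours. The event schema, field names, app ids and sample records are assumptions constructed for illustration, not Salesforce's log format.

```python
from datetime import datetime, timedelta

# Assumption: connected-app ids the organisation has vetted (placeholder id).
APPROVED_APPS = {"APP-ID-PLACEHOLDER-0001": "Data Loader"}
WINDOW = timedelta(hours=24)  # how long after approval to count bulk exports

def normalise(name):
    """Keep lower-case letters/digits so 'Data-Loader' matches 'dataloader'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def find_suspect_apps(events):
    """Flag approvals of unvetted connected apps and total the rows each such
    app pulled through bulk queries within WINDOW of the approval."""
    approved_names = {normalise(n) for n in APPROVED_APPS.values()}
    findings = []
    for ev in events:
        if ev["event"] != "app_authorized" or ev["app_id"] in APPROVED_APPS:
            continue
        start = datetime.fromisoformat(ev["ts"])
        rows = sum(
            e["rows"] for e in events
            if e["event"] == "bulk_query" and e["app_id"] == ev["app_id"]
            and start <= datetime.fromisoformat(e["ts"]) <= start + WINDOW
        )
        # An unvetted app whose name contains a vetted app's name is a lookalike.
        lookalike = any(n in normalise(ev["app_name"]) for n in approved_names)
        findings.append({
            "user": ev["user"], "app_id": ev["app_id"], "app_name": ev["app_name"],
            "imitates_approved_name": lookalike, "rows_exported": rows,
            "severity": "high" if lookalike or rows else "review",
        })
    return findings

# Constructed sample events (hypothetical schema, not real logs).
SAMPLE = [
    {"ts": "2025-06-02T09:00:00", "event": "app_authorized", "user": "alice", "app_id": "APP-ID-PLACEHOLDER-0001", "app_name": "Data Loader"},
    {"ts": "2025-06-02T09:30:00", "event": "bulk_query", "user": "alice", "app_id": "APP-ID-PLACEHOLDER-0001", "rows": 500},
    {"ts": "2025-06-02T14:05:00", "event": "app_authorized", "user": "bob", "app_id": "APP-ID-PLACEHOLDER-9999", "app_name": "Data-Loader Setup"},
    {"ts": "2025-06-02T14:20:00", "event": "bulk_query", "user": "bob", "app_id": "APP-ID-PLACEHOLDER-9999", "rows": 120000},
    {"ts": "2025-06-02T15:10:00", "event": "bulk_query", "user": "bob", "app_id": "APP-ID-PLACEHOLDER-9999", "rows": 80000},
    {"ts": "2025-06-04T10:00:00", "event": "bulk_query", "user": "bob", "app_id": "APP-ID-PLACEHOLDER-9999", "rows": 1000},
    {"ts": "2025-06-03T11:00:00", "event": "app_authorized", "user": "carol", "app_id": "APP-ID-PLACEHOLDER-7777", "app_name": "Calendar Sync"},
]

if __name__ == "__main__":
    for finding in find_suspect_apps(SAMPLE):
        print(finding)
```

Matching on app id rather than display name is the point: the name is chosen by whoever registered the app, so a lookalike name on an unvetted id is treated as a high-severity signal rather than a reason to trust it.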