
Oh dear god
Seriously. How do they have jobs?
A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data. Google Threat Intelligence Group (GTIG) tracks …
Exactly, most organisations suspend access to something in question and leave it to you to figure it out and call in.
Perhaps an e-mail or notification if you are lucky.
Microsoft, Salesforce, Oracle etc DON’T fucking call you unless you pay them handsomely for a support contract.
The only reason Oracle would ever reach out to you voluntarily without reason is for an unwanted licence visit from The Bottom Inspectors.
That's probably not fair tbh.
I am a supporter of the Swiss cheese model of causation since it doesn't try to simplify things down to 'how dumb are those people'.
Are they overworked or under pressure to do everything fast due to minimal resourcing which has removed all spare time to think the situation through?
Why did the training not lead the individuals to react differently?
Why did the system not block the connection request?
Why was the infiltration not picked up?
Why were they able to traverse the network?
Why was the exfiltration of the data not picked up?
If you let the business just let the overworked non-tech staff take the blame you're letting them off
Absolutely.
But in that case the business failed to build their security controls around that fact.
"I pay peanuts and I employ monkeys, my staff will click on anything and are easily fooled therefore the technical controls around my systems must account for it".
So an addendum would be that the management are also fucking stupid.
I'm usually semi-sceptical of the IT training solution to this issue. Because I'm pretty sceptical of any corporate training's effectiveness - especially online teach'n'test packages.
But this does sound like pretty fundamental stuff. Very much on the "What were they thinking" level. If they were thinking. Surely though staff who can fall for this stuff shouldn’t be working at a level where they can download and run anything.
Who in their right mind allows staff to download and install sh1t on their computer? Er, actually I do because MS doesn’t supply a free package manager that requires admin creds to install. As a result those on the lower tier of MS365 have to allow staff to install updates for software that doesn’t come through Windows Update.
Linux is looking very attractive from that perspective…..
I'm betting these end users, whether lowest on the totem pole or not, are highly trained in everything except how not to leave the back door open.
Extremely pathetic scripted comment from Salesforce claiming systems weren't hacked. Uh, no. You failed at the most basic anti-hacking fundamental that is the foundation of corporate security:
Don't download and open anything from anyone claiming to be IT! The IT department already manages your program updates!
How are people still this naïve in 2025?
"How are people still this naïve in 2025?"
By there being really good and motivated people that will social engineer like a boss. If I'm pretty sure I can make $50k over the next week by getting a few suckers to install some malware, and I'm a bit of a slime, that's a pretty good reward for a tiny bit of indoor work that doesn't require any heavy lifting.
The conversations I’ve heard my spouse having with colleagues when trying to help them with trivial software tasks demonstrate how vanishingly easy it can be to fool them.
These are otherwise bright people in positions where they are in charge of customer accounts.
They continuously struggle with basic tasks and spend a lot of time annoying the IT department.
There’s the weak link - they are wide open to be exploited.
“Hi, it’s Dan from IT, I understand you are having difficulty with Salesforce, how can I help?”
All the basic security training they’ve had goes out the window, they’ve got IT on the line who can help them with all sorts of problems.
It may be that attackers try multiple times before getting their mark, but it only takes one hit and they are in.
The solution is simple, don’t allow employees using sensitive systems to install software.
Their computers really should be nothing more than dumb terminals.