Voice phishing
A group of hackers impersonated IT staff and lured employees into installing a rogue version of Salesforce Data Loader to gain access to the firm’s CRM, exposing sensitive information and corporate networks.
The breach affected English-speaking branches of multinational companies. The Google Threat Investigation Group claimed that there was no vulnerability in the Salesforce app. Rather, the major weakness was the staff’s lack of awareness of best cybersecurity practices.
The attackers, linked to the loosely organized “The Com” collective, rely on social engineering rather than software flaws. Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a system or to steal confidential data. It’s an age-old hacking strategy that has been misleading unsuspecting users for years.
ILOVEYOU virus
The most prominent case of social engineering occurred in May 2000, when a Filipino computer science student created a piece of malware that infected millions of personal computers worldwide. It arrived in an email with the subject “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”.
Experts say it wasn’t exactly the most intricate or sophisticated virus ever created. The reason it spread like wildfire was that it capitalized on the inherent human need to read or hear the words “I love you.”
The Salesforce case is less existential but equally critical. The hackers commenced their attack during the work rush, when employees were preoccupied with multiple tasks simultaneously. The call, supposedly from the IT department, was seen as a routine assignment and part of the everyday humdrum.
In a world where tech platforms are among the most valuable assets, employees are keenly aware that minor and major updates are necessary to keep them running optimally. They instinctively agree to a software update, skim through the new features outlined, and mindlessly enter “connection codes,” not knowing that they’ve just rolled out the red carpet for nefarious elements.
Arming your troops
The fact that staff were active participants in the breach proves that while sophisticated cyber defenses, multi-factor authentication, and other related measures are vital, an educated staff is the ultimate safeguard against hacks.
Hiring a third-party cybersecurity expert is one thing. But the most crucial step in protecting your organization’s digital assets is equipping your personnel with the necessary tools and knowledge to avoid breaches.
Firms must foster a culture of caution to prevent these hacks. Companies should not hesitate to add a new step in workflows if it means strengthening defenses against hacks. Updates should be announced ahead of implementation, if possible. Additionally, firms could hold regular seminars to educate employees about how hackers operate.
It’s a lot of work, but these measures are a must in the world we live in today. Prevention is better than cure. We must not wait for our systems to malfunction or our data to be held hostage before taking action. Firms must invest ample time and resources now to avoid future mishaps.
The question for your business
How do you ensure your business is protected from cyberattacks?