Case Studies

AI-Powered Tender MatchingProduct Engineering
AI-Driven In-Store Operations IntelligenceAI & Automation
AI-Powered Industrial Quality ControlAI & Automation

View All Case Studies

AI in Cybercrime: Google Warns of Vishing Attacks Using Fake Salesforce Apps

Google’s Threat Intelligence Group (GTIG) has issued a critical warning about an ongoing vishing campaign—a form of social engineering in which cybercriminals impersonate IT support staff via voice calls to compromise corporate systems. The attacks have targeted industries such as hospitality, retail, and education across Western regions. It leverages human manipulation rather than software vulnerabilities.

In this campaign, attackers posed as IT support agents and convinced employees to download a malicious version of Salesforce Data Loader, a legitimate tool commonly used to manage large volumes of Salesforce data. Once installed, the malware granted attackers deep access to company Salesforce environments, allowing them to exfiltrate sensitive information. At least 20 organizations have reported data theft, though the number could be higher.

Key highlights from the report:

Malicious activity links to UNC6040, a group believed to be affiliated with cybercriminal collectives like ShinyHunters and The Com.

Extortion demands often delay, indicating a possible division of labor between data theft and ransom negotiations.

No Salesforce vulnerabilities were exploited—employee deception was the primary attack vector.

Google emphasized that AI may be amplifying these voice-based scams by improving the realism of phishing attempts, making it harder for employees to distinguish between legitimate and fake IT support. As AI tools become more accessible, vishing campaigns expects to grow more sophisticated and widespread.

The report underscores a vital point: human error remains one of the most exploitable weaknesses in cybersecurity. Organizations urges to train staff on the dangers of phishing variants, including vishing, smishing, and quishing, and to implement stronger verification protocols for remote IT requests.

As generative AI lowers the barrier for executing personalized cyberattacks, building a culture of cyber vigilance is now more critical than ever.

Source:

https://www.techradar.com/pro/security/fake-it-support-voice-calls-lead-to-cyber-extortion-and-stolen-company-data

Get Started

Ready to Build Your Next Product?

Start with a 30-min discovery call. We'll map your technical landscape and recommend an engineering approach.

000 +

Engineers

Full-stack, AI/ML, and domain specialists

00 %

Client Retention

Multi-year partnerships with global enterprises

0 -wk

Avg Ramp

Full team deployed and productive