Industry News

AI Cybercrime: How To Avoid Vishing Attack

Ha Bui
Reading time: 2 min
AI Cybercrime: How To Avoid Vishing Attack

Summarize this post by:

Google’s Threat Intelligence Group (GTIG) has issued a critical warning about an ongoing vishing campaign-a form of social engineering in which cybercriminals impersonate IT support staff via voice calls to compromise corporate systems. The attacks have targeted industries such as hospitality, retail, and education across Western regions. It leverages human manipulation rather than software vulnerabilities. 

In this campaign, attackers posed as IT support agents and convinced employees to download a malicious version of Salesforce Data Loader, a legitimate tool commonly used to manage large volumes of Salesforce data. Once installed, the malware granted attackers deep access to company Salesforce environments, allowing them to exfiltrate sensitive information. At least 20 organizations have reported data theft, though the number could be higher. 

Key highlights from the report: 

  • Malicious activity links to UNC6040, a group believed to be affiliated with cybercriminal collectives like ShinyHunters and The Com. 
  • Extortion demands often delay, indicating a possible division of labor between data theft and ransom negotiations. 
  • No Salesforce vulnerabilities were exploited-employee deception was the primary attack vector. 

Google emphasized that AI may be amplifying these voice-based scams by improving the realism of phishing attempts, making it harder for employees to distinguish between legitimate and fake IT support. As AI tools become more accessible, vishing campaigns expects to grow more sophisticated and widespread. 

The report underscores a vital point: human error remains one of the most exploitable weaknesses in cybersecurity. Organizations urges to train staff on the dangers of phishing variants, including vishing, smishing, and quishing, and to implement stronger verification protocols for remote IT requests. 

As generative AI lowers the barrier for executing personalized cyberattacks, building a culture of cyber vigilance is now more critical than ever. 

 

Source: 

https://www.techradar.com/pro/security/fake-it-support-voice-calls-lead-to-cyber-extortion-and-stolen-company-data  

 

Ready to Build Your Next Product?

Start with a 30-min discovery call. We'll map your technical landscape and recommend an engineering approach.

Contact us

Get Industrial Insights Delivered to Your Inbox

By clicking "Subscribe" you agree to allow Eastgate Software to send newsletter emails to your address. For more information, please read our Privacy Policy.

About The Author

Ha Bui

Ha Bui

CEO & Founder, Eastgate Software

Ha Bui is the CEO and Founder of Eastgate Software. Since 2014, he has led the company's 12+ year engineering partnerships with Siemens Mobility and Yunex Traffic, building a 200+ engineer organization that delivers mission-critical ITS, FinTech, and enterprise software to German engineering standards.

Related Articles