Google’s Threat Intelligence Group says a vishing threat called UNC6040 has been targeting Salesforce applications with a fake data loader.

In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion.

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

Cybercriminals are stealing business Salesforce data with this simple trick - don't fall for it The goal is to steal large amounts of confidential data in an attempt to extort the victims.

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according ...

A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation ...

Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion.

A wave of data-theft attacks against Salesforce CRM customers have now compromised Google in addition to numerous other major companies.

The IOD Data Loader Service is a bi-directional integration offering that allows Salesforce administrators to automate many Salesforce integration processes such as synchronising account ...

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.