Source URL: https://www.theregister.com/2025/06/04/fake_it_support_calls_hit/
Source: The Register
Title: Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns
Feedly Summary: Victims include hospitality, retail and education sectors
A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce’s Data Loader that allows the crims to steal sensitive data.…
Summary: The text describes a recent cyberattack across several sectors in which scammers deceived employees into installing a malicious version of Salesforce’s Data Loader. The breach raises data security concerns and illustrates the tactics used in social engineering attacks.
Detailed Description: The incident highlights the ongoing threat of cyberattacks, particularly those that exploit human vulnerabilities through social engineering. Here are the major points of significance:
– **Targeted Sectors**: The attack affected critical sectors such as hospitality, retail, and education, which often manage sensitive customer information.
– **Attack Methodology**: The perpetrators, described as financially motivated scammers whose tactics resemble those of the “Scattered-Spider” group, used fake IT support phone calls to manipulate employees.
– **Malicious Software**: The scam involved a modified version of Salesforce’s Data Loader, which is typically used for data management, underscoring the risks associated with third-party software and tools.
– **Data Theft**: The installed malware enabled the attackers to steal sensitive data, posing significant privacy and compliance risks for the organizations involved.
**Implications for Security Professionals**:
– Organizations need to strengthen their employee training programs to recognize social engineering tactics and verify IT support requests.
– There should be enhanced security measures for software download procedures and third-party tool integrations to prevent unauthorized installations.
– Regular auditing of application permissions and data access can mitigate risks associated with malicious software.
This incident serves as a critical reminder of the evolving landscape of cyber threats and the importance of comprehensive security strategies in safeguarding sensitive information.