Even tech giants aren’t immune to cyberattacks. Google has now confirmed it was hit in a wave of data theft targeting companies that use Salesforce. We’ll uncover if the data of Google users is safe and what to look out for if you’re a Salesforce customer as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

• A major breach affecting Google and its customers.
• How attackers are targeting Salesforce databases.
• What makes this voice phishing so convincing.
• The type of data hackers are after.
• Who could be in scammers’ crosshairs next.

Video transcript

Back in June, Google’s security team put out a warning. They had spotted attackers using voice phishing to go after Salesforce accounts. The attackers start by identifying companies that use Salesforce, which is surprisingly easy to do through public information like job postings or LinkedIn profiles. Then they call an employee, pretending to be from IT or Salesforce support, and convince them to either give up their login or approve what looks like a legitimate app. In reality, that app quietly gives the attackers full access to the company’s Salesforce account. Once inside, the attacker can download sensitive information about customers and prospective clients alike.

Unfortunately, for Google, the Salesforce account that was breached was used by sales reps to keep track of potential Google Ads customers. And while no payment information was stolen, hackers exported the business names, phone numbers, and sales notes associated with 2.5million records.

So, are Google customers at risk? For most, the danger is minimal because the stolen details were basic contact information. But if your business was on that massive list, it means a hacker now knows who you are, how to reach you, and that you’ve had contact with Google. That opens the door for follow-up scams. For example, an attacker could now know you’re expecting a follow-up from Google, pose as your account rep, and reach out to connect in an effort to scam your organization.

So, who’s to blame here: Google or Salesforce? In reality, neither platform had a flaw. This attack worked because someone was tricked into letting the attacker in. That’s what makes social engineering so dangerous: a convincing phone call can bypass even the strongest security.

It doesn’t matter if your organization is a Fortune 500 company or small-to-medium sized business, if your team uses Salesforce or Google products, you could be a target of this ongoing scam. And protecting against this requires more than technology. It requires training your team to recognize scams, processes to verify unusual requests, and security systems that can detect suspicious activity fast. If you’re not sure your team could spot an attack like this, now’s the time to talk with a trusted IT partner, like Rocket IT. To reach out, contact us using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.