Google’s Threat Intelligence Group says a vishing threat called UNC6040 has been targeting Salesforce applications with a fake data loader.

In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion.

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

Do you use Salesforce at your business? If so, then you'll want to watch out for a new phishing attack in which hackers aim to steal your Salesforce data. In a blog post published Wednesday, Google's ...

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according ...

A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation ...

Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion.

A wave of data-theft attacks against Salesforce CRM customers have now compromised Google in addition to numerous other major companies.

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.