Google discovered a new scam—and also fell victim to it

Google recently uncovered a scam targeting Salesforce customers where attackers posed as IT personnel to gain immediate access to accounts. Surprisingly, Google itself fell victim to a similar attack two months later. The hackers, driven by financial motives, exploit a simple method of calling targets and requesting access rather than exploiting software vulnerabilities. Notable companies affected by this campaign include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries. The attackers manipulate a Salesforce feature allowing account linking to external apps, tricking employees into providing an eight-digit security code to access sensitive data.