Google discovered a new scam—and also fell victim to it
Summary
A threat group is defrauding organisations by phone, posing as an employee’s boss or IT support to trick that employee into providing access to their Salesforce accounts.
The attacks work because they are personalised with details relating to the employee and their organisation, and are timed to create a sense of urgency, so victims do not suspect anything is awry and generally comply.
An employee who falls for the ruse is asked to enter a verification code, which the attacker uses to gain access; from there, they can pilfer data or access other services.
The attack underscores the importance of ensuring staff undergo regular training to bolster cybersecurity awareness, as well as the importance of creating a culture in which employees feel comfortable questioning suspicious requests, particularly those involving sensitive data.
Companies affected include Adidas, Qantas, Allianz Life, Cisco, Tiffany & Co, and Louis Vuitton.