The recent wave of social engineering attacks highlights the risks of how a sophisticated threat group can take advantage of human behavior to bypass the most sophisticated security technologies, according to a report released Friday by S&P.  

In recent months, financially motivated hackers have targeted Salesforce instances by using voice phishing in order to obtain credentials and gain access to technology systems. 

S&P analysts said the attacks highlight the need for better awareness, security training and improved cyber governance. 

“If someone is giving access, then that basically bypasses all the great security,” Jawad Hussain, a director at S&P Global, told Cybersecurity Dive. 

The campaigns also highlight the risks related to increased dependence on third-party applications, according to the report. There were no security vulnerabilities linked to Salesforce, yet a series of attacks such as this can create reputational risk for the brand, according to the report. 

The FBI earlier this month warned that two separate campaigns utilized different tactics in order to conduct data theft and extortion against targeted organizations. 

One group, tracked as UNC6040, has used voice phishing to get customer service agents to hand over credentials, according to the FBI. That campaign has been ongoing since October 2024.

A more recent campaign involved the use of compromised OAuth tokens for an AI-chatbot called Salesloft Drift. In this attack, data was stolen after Salesforce instances were compromised. 

The latter campaign was disrupted after the companies revoked access and refreshed the OAuth tokens.