How Voice Phishing Breached Google—and How TLD Prevents It

|

 

Phishing Is Still the Easiest Way In—Even at Google. Here’s How to Protect Your Business

In 2025, cyberattacks are rarely about brute force. They’re about trust—and that trust is being exploited through tactics like voice phishing. A recent Salesforce breach campaign exposed just how vulnerable even the most secure organizations are. Companies like Google, Adidas, and Chanel were compromised through a coordinated voice phishing Salesforce breach, proving that no one is immune to these evolving threats.

Companies like Google, Adidas, Chanel, Louis Vuitton, and Allianz Life were all breached—not through zero-days or advanced malware, but through social engineering. These incidents, now linked to the threat group known as UNC6040 (also referred to as ShinyHunters), highlight a growing trend: phishing is evolving, and no one is immune.

Phishing & Fake Salesforce Apps: A Low-Tech Breach with High-Impact Results

According to reports from Malwarebytes and InfoSecurity Magazine, the attack centered around Salesforce—a trusted, widely-used platform for managing customer data. Employees at several global companies were contacted by phone (a tactic known as vishing) by people posing as IT support. The callers guided them to connect to a seemingly legitimate Salesforce app and enter a code. That code gave the attackers access to a malicious version of the Salesforce Data Loader, disguised under names like “My Ticket Portal.”

In Google’s case, the attackers managed to access a Salesforce instance, extract basic business contact information, and then attempted to monetize that data through extortion. These were targeted, coordinated, and convincingly human attacks—designed not to break in, but to be let in.

It worked.

Why Everyone with Login Access Is a Target

If global tech and luxury giants can fall victim to phishing, every business is vulnerable. Any user with a login—whether it’s to your CRM, dialer, policy admin platform, or client records—is a potential weak link. The problem isn’t just technology; it’s human psychology.

That’s why security isn’t just an IT issue—it’s a business-wide priority.

How TLD Builds Defense from the Inside Out

At TLD, we’ve engineered our CRM and dialer platform specifically with security at the foundation—not as an afterthought. Here’s how:

Multi-Factor Authentication (MFA) by Default

Every user is required to authenticate using MFA, ensuring that even if a password is compromised, account access is not easily granted. This is a crucial step in stopping phishing-driven breaches like the Salesforce attacks.

Seamless Single Sign-On (SSO)

TLD supports full SSO integration with clients’ existing Google or Microsoft work accounts, making secure login faster, easier, and less vulnerable to reuse or phishing of credentials.

Least Privilege by Design

One of the most critical—but overlooked—security measures is limiting access. TLD uses least privilege principles, meaning users only get access to the data and functions necessary for their role. If an attacker compromises an account, their exposure is limited.

Training: The Human Firewall

Technology alone isn’t enough. In nearly all of the recent Salesforce breaches, users willingly—but unknowingly—enabled attackers. That’s why every organization must implement consistent phishing and vishing awareness training.

Employees should be taught how to:

  • Recognize phishing emails and fake IT requests

  • Respond appropriately when asked to install software or enter codes

  • Know who to notify internally when something doesn’t feel right

This layer of human awareness is often the difference between a failed phishing attempt and a full-scale data breach.

What the Recent Breaches Teach Us

The takeaway is clear: phishing isn’t going away. It’s getting smarter, more personalized, and harder to detect—especially when it comes in the form of a polite voice on the phone. But that doesn’t mean your business has to be vulnerable.

With a platform like TLD, layered with enforced MFA, Google/Microsoft SSO, and strict least-privilege access control, your technology stack becomes significantly more resilient. Combine that with educated users and a clear internal protocol for reporting suspicious activity, and your organization can stand firm against threats—even the ones that fooled the biggest names in the world.

 

Final Thought

Phishing is no longer a possibility—it’s a certainty. But being compromised doesn’t have to be. Protect your users, your data, and your reputation by taking proactive, layered security measures today.

If you’d like to learn more about how TLD protects clients with built-in MFA, SSO, and access control, visit trust.tldcrm.info.