Phishing Scams in Salesforce: What to Do in the Event of an Attack


Phishing is an increasingly popular form of cyber-attack where criminals send messages or emails containing malicious links to trick people into downloading malware or to redirect them to fake sites.

In contrast to more high-tech hacking attacks, phishing uses social engineering to obtain sensitive information, mostly by mimicking a reputable source that victims trust. In the past, phishing tended to be limited to a single attack vector: email. These days, however, attackers use text messaging, social media and even phone calls in an attempt to access valuable data. Phishing is also by far the most common cybercrime, causing over 90% of data breaches and impacting millions of people yearly.

There are various kinds of phishing attacks. They vary in their approaches and targets but ultimately have the same end goal: tricking a person into providing personal or sensitive information. The most common kinds include:

  • Email phishing: targets both the general public and businesses
  • Spear phishing: targets specific people and business departments
  • Whaling: targets CEOs and senior executives
  • Vishing (voice phishing): targets through phone calls
  • SMS phishing: targets through text messages
  • Social media phishing: targets social media users
  • Angler phishing: targets unhappy or disgruntled social media users

Anyone—individuals or businesses—can fall victim to phishing. Training people to scan emails, social media posts, SMS and phone calls for the hallmarks of phishing is best practice, but even the best-trained humans are fallible. Especially in the case of a larger business with a large attack surface, setting up a robust cyber security system is vital.

What Salesforce's Breach Can Teach Us

Salesforce is one of the world’s leading providers of Customer Relationship Management (CRM) software. Their cloud-based solutions help businesses the world over improve efficiency, streamline market research and integrate with other SaaS services. While Salesforce is generally very safe to use, there have been sporadic incidents involving human errors in data security, such as the 2019 phishing attack on the company.

Data security means protecting a company's private and sensitive data. For Salesforce, this includes client records, financial information, and contact details. If a company loses control of data protection, the results can be catastrophic, with data breaches costing companies an average of $4.35 million. When Salesforce was hit by a phishing attack, around 200,000 client accounts were affected, and private data was found for sale on the deep web three months later.

In today's digital age, malicious actors are constantly on the lookout for security weaknesses to exploit. Salesforce's case highlights the global issue of one weak link being enough to bypass even the most robust security measures. However, there are steps that can be taken to minimize the effects of a successful attack.

Vital Steps to Take Following a Phishing Attack

1. Activate the company's security protocols

Once an attack is identified, the first steps are to inform the IT department, shut down all systems and implement a company-wide password reset. The IT team will check if the attack is a genuine threat, and if your security system is strong enough, the department may already have countermeasures in place for such an attack. They can also scan the company's network for malware.

It's also critical to unplug devices from the network as soon as possible. Hackers will have fewer opportunities to access your devices or personal information if the entire system is shut down. Disconnecting from your network can also prevent malware from spreading to other devices.

2. Get the HR department involved

After a phishing attack, an HR representative, ideally with help from IT, should talk to the employee who clicked on the malicious link in order to better understand the chain of events that led to the attack.

The HR team must also provide cybersecurity training for employees. They should promote a culture of cybersecurity by educating and encouraging staff to maintain good cyber-hygiene practices. They can also provide specialized training for employees in high-risk positions, such as heads of accounting and finance departments.

It's important to include cybersecurity training in the onboarding process for new employees, with a focus on the risks associated with accessing and using personal data. The HR team can also create security policies that include consequences for repeated violations.

3. Check for Malware and Identity Theft

IT teams are able to run deep scans on files, devices, servers and applications to check if the attacker left any malware in the company network following the breach. If malware is found, then a full system purge must be conducted to remove it before normal operations can be resumed. In order to detect potential cases of identity theft, sensitive systems such as invoicing and banking platforms need to be monitored for suspicious activity. The companies running these systems should also be immediately informed of the breach.


Phishing preys on human emotions, and a successful attack may cause financial, emotional, and mental chaos. A data security breach will not only endanger your business but will also put your clients' private information at risk, potentially damaging their relationship with your company. When a phishing attack occurs, however catastrophic it may seem, there are still ways to minimise the damage. Awareness, knowledge, training, and technology can neutralize even the most sophisticated threats. With the help of WithSecure™ Cloud Security for Salesforce, your company can mitigate the losses from a phishing attack.
