Members of a financially motivated threat group are impersonating IT support staff in convincing phone calls and talking employees into granting access to their organization’s Salesforce environments.

Salesforce warned users of an uptick in malicious activity targeting Experience Cloud customers with misconfigured user settings via an open source tool.