Many folks around the university rely on Salesforce for customer engagement and promotions. A recent string of cyber attacks put Salesforce users at risks.
Attackers are using social engineering tactics like voice phishing to impersonate Salesforce support staff and trick them into accessing malicious links or adding harmful connected apps on Salesforce.
These attacks often involve modified versions of legitimate tools, such as the Data Loader app, to steal credentials and data. Once access is gained, attackers use these connected apps to extract sensitive information from customer accounts.
If you suspect you have been the target of an attack:
- Stop communicating with the suspected scammer immediately.
- Contact the Buckeye360/Salesforce team directly at buckeye360support@osu.edu to validate any legitimate requests.
- If you have received a suspicious email, click the ‘Report Suspicious’ button within the Outlook app, which will share it with the Email Security team.
- If you believe this to be a potential cybersecurity incident, email security@osu.edu.
Crimes are never the fault of victims. But by remaining vigilant against attackers, you can protect yourself. Reporting suspicious activity can help us all.
If you’d like to know more about how to protect yourself, enroll in our cybersecurity awareness course, available through BuckeyeLearn.