By NHI Mgmt Group Editorial TeamDomain: Governance & RiskSource: Cybertrust JapanPublished September 29, 2025

TL;DR: ShinyHunters-style vishing campaigns used help desk impersonation to push victims into approving malicious Salesforce connector changes, enabling CRM data theft across firms including Qantas, LVMH, and Google, according to Cybertrust Japan's analysis of GTIG reporting. The real failure is not MFA alone, but assuming users can safely validate connector trust under live social engineering pressure.


At a glance

What this is: This is an analysis of vishing-driven Salesforce CRM theft that shows attackers using social engineering to abuse OAuth-connected data access rather than exploiting a software flaw.

Why it matters: It matters because IAM teams must govern delegated app access, help desk verification, and CRM-connected secrets with the same rigor they apply to privileged accounts and NHI lifecycles.

By the numbers:

👉 Read Cybertrust Japan's analysis of Salesforce CRM vishing and data theft


Context

Vishing against Salesforce-connected environments is a governance problem, not just a fraud problem. The attacker does not need to break Salesforce itself if the real target is the trust relationship between the user, the help desk, and an OAuth-connected application.

In this campaign, the useful access path is the connector or data loader, not the CRM login page. That shifts the identity question from simple authentication to delegated authorisation, approval integrity, and lifecycle control over connected applications and support-assisted changes.

For IAM and NHI teams, the lesson is that social engineering can turn a legitimate integration into an attacker-controlled exfiltration path. The starting point here is typical of modern SaaS abuse: the weakness is in the operational trust chain, not in one isolated control.


Key questions

Q: How should security teams handle vishing attacks that target SaaS support workflows?

A: Treat support workflows as part of the identity perimeter. Require stronger verification for password resets, device changes, and connector approvals than for ordinary service requests. If a help desk action can create delegated access, it needs privileged treatment, logging, and review.

Q: Why do MFA and SSO not stop Salesforce data theft in social-engineering attacks?

A: Because the attacker is often not trying to beat the login flow. They are trying to persuade a user or support desk to approve a connector, reset path, or other downstream action that is already trusted by the platform. MFA can authenticate the session and still leave authorisation integrity unprotected.

Q: What do security teams get wrong about OAuth and connected apps?

A: Teams often assume a delegated app is safe because it was approved once, but approval is not the same as ongoing trust. OAuth grants can outlive the original need, inherit too much scope, or become a bridge into multiple SaaS tenants. Security teams should treat each grant as a revocable access path, not a permanent integration.

Q: Who is accountable when a support-assisted connector change leads to data exfiltration?

A: Accountability sits across identity, service desk, and application ownership. IAM teams should define who approves connector scopes, who can alter them, and who must revoke them after incidents or role changes. Without that ownership, delegated access outlives the business reason for it.


Technical breakdown

How vishing turns support workflows into access paths

Vishing works because service desks and internal support teams are optimised to restore access quickly. Attackers impersonate employees, convince support staff to reset credentials, approve device changes, or assist with connecting a malicious application. In SaaS ecosystems, that assistance can create a durable trust edge even when the initial authentication is strong. The critical issue is that the support interaction becomes an authorisation event, not merely a password reset. Once a user is steered into accepting a connector or data-loader flow, the attacker no longer needs the original phishing channel to persist.

Practical implication: Treat help desk workflows as part of the identity attack surface, and require stronger verification before any support action that can alter connector trust or delegated access.

Why OAuth-connected applications are attractive to attackers

OAuth-connected applications are powerful because they can access data without repeatedly prompting the user. That strength becomes a weakness when the connected app is malicious or when a legitimate connector is repurposed through deception. The attacker is not stealing a session token in the classic sense. Instead, they are inducing the victim to grant or activate data access that looks routine from the platform’s perspective. This is why CRM compromise often appears as normal application activity until the exfiltration has already started.

Practical implication: Inventory every connected application, review its scopes, and treat new consent grants or connector changes as privileged events.

Why MFA does not stop delegated application abuse

MFA blocks many credential theft paths, but it does not validate the business meaning of a downstream action. If a victim is tricked into approving a connector, following a reset workflow, or entering a code on a counterfeit page, MFA may succeed while the attacker still obtains the access they wanted. The control failed to protect the authorisation decision, which is where this class of attack lives. This is a common gap in cloud and SaaS environments where security teams over-index on authentication and under-govern application grants.

Practical implication: Pair MFA with transaction-aware checks for connector approvals, device changes, and support-mediated account recovery.


Threat narrative

Attacker objective: The attacker seeks to monetise stolen CRM data by extracting customer and business records through a trusted SaaS integration path.

  1. Entry begins with vishing against the help desk or user, using voice impersonation and social pressure to trigger a legitimate support action or connector approval.
  2. Escalation follows when the victim is pushed into authorising a malicious Salesforce-connected application or altered data loader flow that grants broader access than intended.
  3. Impact occurs when the attacker uses that delegated access to collect CRM records and associated customer data without needing direct exploitation of the Salesforce platform.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Support-assisted access is a governance surface, not a back-office convenience. Vishing campaigns succeed when identity programmes treat help desk actions as administrative routine rather than access decisions. The support channel can create or widen trust in ways that MFA never sees. Practitioners need to govern support-mediated changes with the same seriousness as privileged access changes.

OAuth consent abuse is a delegated-authorisation problem, not a login problem. Salesforce and similar SaaS environments can be compromised without breaking the underlying authentication stack because the attacker targets the application grant itself. This aligns closely with OWASP-NHI thinking around secret and credential misuse in connected systems. The practitioner conclusion is to classify app consent as an identity event with its own approval and review path.

Identity blast radius expands when SaaS integrations are left outside lifecycle governance. The problem is not just that connected apps exist, but that their scopes, owners, and revocation paths often remain unclear after deployment. Identity blast radius: the total amount of data and access a trusted connector can expose if it is abused. When that blast radius is unmanaged, a single vishing success can reach far beyond one account.

MFA did not fail here. The assumption that user verification equals safe downstream authorisation failed. That assumption was designed for a world where authentication and intent were tightly coupled. It fails when the actor can be manipulated into approving a different application or support action than the one they believed they were validating. The implication is that IAM programmes must separate authentication assurance from authorisation integrity.

Human identity controls and NHI governance now meet in the same attack path. A person is socially engineered, but the real damage comes through the machine-to-machine trust they help establish. That means identity teams cannot isolate SaaS app governance from user recovery flows or support desk procedures. The practitioner conclusion is to manage these as one connected control plane.

From our research:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, 38% have no or low visibility, and a further 47% have only partial visibility, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to the same study.
  • That visibility gap is why lifecycle control belongs in the operating model, and the NHI Lifecycle Management Guide is the right next step for provisioning, review, and offboarding discipline.

What this signals

Identity blast radius: in SaaS environments, a single consent grant or support-assisted connector change can expose far more data than a compromised password ever could. That means IAM leaders need to model downstream permissions, not just login assurance, and they should align this with CIS Controls v8 account management and access control discipline.

The practical boundary is shifting from account security to trust-relationship security. As CRM and collaboration platforms accumulate more delegated integrations, the programme question becomes who owns each connector, who can approve scope expansion, and how quickly revocation occurs when the business need changes.

This is also where the lifecycle model matters for non-human access. Support workflows, integrations, and service identities should be reviewed as a connected system, not separate silos, because attackers are increasingly using the human layer to activate machine access paths.


For practitioners

  • Lock down support-mediated account recovery Require higher assurance before any help desk action that can reset access, approve device changes, or alter connected application trust. Use call-back procedures and supervisor approval for high-risk accounts and admin-linked workflows.
  • Review all Salesforce-connected applications and consent scopes Inventory every connector, confirm business ownership, and remove unused grants. Pay special attention to integrations that can read customer records, create exports, or bypass standard user prompts.
  • Treat connector approvals as privileged events Send alerts for new consent grants, changes to connected apps, and data-loader authorisations. Route those events to IAM or security review when the scope includes bulk read, export, or admin-like permissions.
  • Separate authentication from downstream authorisation checks Keep MFA in place, but add transaction-level verification for actions that create delegated access. A valid login should never be enough on its own to approve a new application path or major integration change.
  • Rehearse social-engineering containment for SaaS admins Run incident drills that start with a compromised user or help desk interaction and end with connector revocation, token inspection, and export review. Include CRM, identity, and support teams in the same exercise.

Key takeaways

  • This campaign shows that a trusted support interaction can be more dangerous than a stolen password when it unlocks delegated SaaS access.
  • The exposed risk is not abstract: multiple major organisations were affected through Salesforce-connected data theft, showing how quickly social engineering can scale.
  • The control that matters most is governance over connector approvals, support verification, and revocation, not MFA alone.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207), NIST SP 800-53 Rev 5 and CIS Controls v8 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-07OAuth-connected app abuse is central to the delegated access path described here.
NIST CSF 2.0PR.AC-1Identity proofing and access governance are implicated by support-assisted account changes.
NIST Zero Trust (SP 800-207)Zero Trust principles apply to trust relationships between users, support, and SaaS connectors.
NIST SP 800-53 Rev 5IA-5Authenticator management matters where support workflows can reset or widen access.
CIS Controls v8CIS-6 , Access Control ManagementAccess control management covers delegated SaaS permissions and related approval paths.

Review connected app consent, ownership, and revocation against NHI-07 before allowing broad data scopes.


Key terms

  • Delegated Authorization: A model in which an application is allowed to act on a user’s behalf after explicit approval. In SaaS environments, delegated authorization is powerful but risky because excessive scope or weak revocation can turn a routine integration into durable non-human access.
  • Identity Blast Radius: Identity blast radius is the amount of data, systems, and permissions exposed when a trusted identity or connector is misused. It is not just a count of accounts affected. It is the practical reach of a trust decision once a support workflow or connector grant is abused.
  • Support-Mediated Access: Support-mediated access is any identity change created or approved through service desk or help desk processes. It matters because those workflows can bypass normal user vigilance and turn an operational convenience into an attacker-controlled trust event if verification is weak.
  • OAuth Consent: The approval that allows an application to access resources on behalf of a user or tenant. In practice, consent can create durable access paths that outlive the original interaction if permissions are broad, unmanaged, or never reviewed. For security teams, it is both an access decision and a lifecycle event.

What's in the full article

Cybertrust Japan's full blog covers the operational detail this post intentionally leaves for the source:

  • The step-by-step vishing sequence used against Salesforce-connected environments and how the malicious connector was introduced.
  • The incident timeline and named organisations affected, including the way customer data was pulled through the trust chain.
  • The Google Threat Intelligence Group references and supporting incident sources that underpin the attack narrative.
  • The mitigation actions the vendor highlights for Salesforce environments, including specific platform settings and administrative checks.

👉 The full Cybertrust Japan post covers the attack chain, affected organisations, and mitigation steps for Salesforce environments.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org