MailGuard Sep 25, 2025 4:49:46 PM 7 MIN READ

When “trusted systems” become the weak link: lessons from recent attacks and the latest FBI advisory

Over the past few months, we’ve seen again and again how organisations, even large, established brands, are being exploited not through arcane zero-day attacks, but via deception, social engineering, third-party systems, and trusted channels. The latest FBI advisory and recent breaches at major companies serve as stark wake-up calls: no one is immune. As a MailGuard partner, you’re on the front line helping businesses defend themselves, with a narrative around risk, trust, and prevention.

The new FBI alert: Salesforce under siege

On 12 September 2025, the FBI published a FLASH advisory warning of two cybercriminal groups (UNC6040 and UNC6395) targeting Salesforce instances for data theft and extortion. (Internet Crime Complaint Center) Their tactics include:

The implication is clear: even if your client’s core environment seems secure, attackers are moving sideways, through allied systems, integrations, and people.

Breach spotlight: Qantas and Stellantis

The vulnerabilities the FBI warns about are not theoretical. We’ve seen what unfolded in real organisations:


Qantas

  • A third-party contact centre platform used by Qantas was breached. Unauthorised access affected the personal data of up to 5.7–6 million customers (names, emails, phone numbers, dates of birth, frequent flyer numbers) (TechRadar)
  • No financial or passport details were stored on that system, and thus (per the airline) those were not accessed. (Qantas News Room)
  • Qantas emphasised that their internal systems remained secure, but the breach through a “trusted” vendor still caused reputational damage, customer alarm, and regulatory scrutiny. (Qantas News Room)


Stellantis

  • Stellantis confirmed a breach via a third-party service provider supporting its North American customer operations. (Reuters)
  • The compromised data appears to be limited to contact information; no highly sensitive financial data was reported. (Reuters)
  • But for a company of Stellantis’s scale, any data leak carries downside risk: loss of customer trust, regulatory attention, legal exposure, and stock market instability. (TechRadar)

Together, these cases highlight an unavoidable truth: the attack surface is no longer just within your perimeter. It spans into partners, APIs, service-provider systems, and human workflows.

The breadth of risk: not just “phishing” anymore

These incidents underscore several evolving attack vectors that your clients must understand and defend against:

  • Vishing + impersonation: Attackers call posing as IT, support, or vendor staff to trick users into handing over account credentials or MFA codes. This gets past email-only protections.
  • OAuth / connected app abuse: After gaining consent, attackers use API tokens or integrations to pull data. This bypasses perimeter controls.
  • Third-party platform compromise: Vendor systems, contact centres, and outsourced services are infiltrated. Even if you defend “your side,” theirs may break.
  • Credential and MFA compromise: Attackers combine social engineering with stolen credentials to bypass layers. Multi-factor isn’t foolproof if tokens are phished or users are tricked.
  • Reputational, regulatory & legal fallout: Loss of customer trust, investigation by regulators, class actions. These costs often dwarf remediation costs.

What this means for partners

In your role as trusted security advisors, you go deeper than simply deploying a product: you help clients see and manage the full scope of their risk. Here’s how to reframe the conversation and action plans:

  1. Lead with threat intelligence
    Use the FBI advisory to open discussions: “This isn’t hypothetical, these attacks are targeting Salesforce, APIs, and vishing campaigns right now.” Showing that these threats are active gives urgency and credibility.
  2. Emphasise people + process, not just technology
    Teach clients to validate calls asking for credentials, train service desk staff, and enforce “out-of-band” confirmation for changes (e.g. via a second channel).
  3. Vet and monitor all third parties
    Insist that clients require vendor security reviews, audit rights, and continuous monitoring (logs, alerts) for third-party access systems.
  4. Layer security at points of exposure
    Email protection goes beyond native Microsoft 365 or Google protections. Look for behavioural detection, identity protection, and anomaly detection across systems and services.
  5. Be ready to respond, not just prevent
    Breaches will occur. Help clients develop response playbooks, rapid containment and forensics plans, communication protocols, and regulatory readiness.
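
What the monitoring in steps 3 and 4 can look like for the OAuth / connected app abuse described earlier, as an added example that is not from MailGuard or the FBI advisory: it flags consent grants to apps outside an approved list and bulk API pulls shortly after a new grant. The record format, app names, allowlist and thresholds are constructed assumptions, not a real Salesforce log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records (illustrative format, not a real Salesforce log schema).
EVENTS = [
    {"ts": "2025-09-01T09:00:00", "type": "oauth_grant", "user": "alice", "app": "crm-sync"},
    {"ts": "2025-09-01T09:05:00", "type": "api_query", "user": "alice", "app": "crm-sync", "rows": 1200},
    {"ts": "2025-09-01T14:02:00", "type": "oauth_grant", "user": "bob", "app": "data-loader-helper"},
    {"ts": "2025-09-01T14:10:00", "type": "api_query", "user": "bob", "app": "data-loader-helper", "rows": 30000},
    {"ts": "2025-09-01T14:20:00", "type": "api_query", "user": "bob", "app": "data-loader-helper", "rows": 40000},
    {"ts": "2025-09-01T14:30:00", "type": "api_query", "user": "bob", "app": "data-loader-helper", "rows": 10000},
]
APPROVED_APPS = {"crm-sync"}      # assumed allowlist of vetted integrations
BULK_ROWS = 50_000                # assumed threshold; tune to the client's baseline
WINDOW = timedelta(hours=24)      # how long after a grant a pull counts as new-app activity

def review_connected_apps(events, approved=APPROVED_APPS):
    """Return findings as (rule, user, app) tuples, in event order."""
    findings = []
    granted_at = {}               # (user, app) -> time consent was given
    pulled = defaultdict(int)     # (user, app) -> rows read inside WINDOW
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["user"], e["app"])
        if e["type"] == "oauth_grant":
            granted_at[key] = ts
            pulled[key] = 0       # a fresh grant restarts the count
            if e["app"] not in approved:
                findings.append(("unapproved_app_grant", *key))
        elif e["type"] == "api_query" and key in granted_at:
            if ts - granted_at[key] > WINDOW:
                continue          # outside the post-consent window
            before = pulled[key]
            pulled[key] += e["rows"]
            # Alert once, on the query that crosses the threshold.
            if before < BULK_ROWS <= pulled[key]:
                findings.append(("bulk_pull_after_grant", *key))
    return findings

if __name__ == "__main__":
    for finding in review_connected_apps(EVENTS):
        print(finding)
```

Both findings point at the same user and app, which is the pairing a service desk would confirm through a second channel before revoking the token.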

Final takeaway

In today’s environment, attackers don’t just knock at your client’s front door, they dig tunnels under fences, trick the guard, and enter via third parties. The attacks targeting Salesforce and the breaches affecting global brands like Qantas and Stellantis remind us that security cannot be compartmentalised.

Walking through the FBI advisory, and sharing cases like Qantas and Stellantis, can help clients see that even the biggest companies can be affected and that they need to assign appropriate importance and authority to cyber protection and readiness, along with resources in the form of time and money.

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist AI-powered email threat detection solution like MailGuard.

For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies your client’s intelligence, knowledge, security and defence.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

 
