Google Warns of UNC6040 Vishing Scam: iPhones and Android Phones at Risk

Google Warns of UNC6040 Vishing Scam: iPhones and Android Phones at Risk

Google Alert: These Incoming Calls Could Compromise Your Phone—Ignore Them to Stay Safe

By : Javid Amin |  June 10, 2025 

Google and the FBI have issued urgent warnings about a sophisticated phone scam targeting both Android and iPhone users. This emerging threat, orchestrated by a cybercriminal group known as UNC6040, is part of a rising trend in vishing attacks—where hackers use fake voice calls to manipulate victims into compromising their devices.

What’s Happening?

According to Google’s Threat Intelligence Group, UNC6040 doesn’t break into your phone using malware or brute force. Instead, they pretend to be trusted IT personnel, convincing users—often employees of large organizations—to download fake apps and grant access voluntarily.

“This is a form of social engineering at its most dangerous,” Google warns. “Once you install the malicious app, your entire system could be compromised.”

One of the common disguises? A fake version of Salesforce’s “Data Loader” tool, used by UNC6040 to infiltrate company systems and cloud services.

Who Is at Risk?

Everyone with a smartphone is vulnerable, whether you use an Android or an iPhone. The attackers aren’t discriminating—they’re targeting organizations in sectors such as:

  • Hospitality

  • Retail

  • Education

With operations reported across the U.S. and Europe, the impact is widespread and ongoing.

What Is Vishing?

Vishing, or voice phishing, is when attackers call a victim and impersonate someone credible, such as company IT support. Their goal is to manipulate you into:

  • Sharing credentials (like your Okta login)

  • Downloading fake software

  • Allowing remote access to your device or systems

These calls may sound convincing and professional. But falling for them could mean handing over access to sensitive data, leading to further breaches, identity theft, or financial loss.

The Bigger Picture: UNC6040 and ‘The Com’

Google’s analysis suggests UNC6040 may be loosely connected to another cybercrime group known as The Com—a Telegram and Discord-based collective known for:

  • Trading hacking methods

  • Sharing stolen credentials

  • Targeting English-speaking employees at global firms

Although it’s unclear whether the groups are formally allied, their methods are strikingly similar, involving a mix of vishing, smishing (SMS phishing), and spear phishing.

FBI Issues Separate Warning

The Federal Bureau of Investigation (FBI) has also flagged a related scam active since April 2025. In this version, hackers use AI-generated voice messages and texts claiming to be from senior U.S. officials. These messages direct victims to malware-laden websites or phishing platforms.

FBI field offices including Cleveland, Nashville, and New York State Police have all shared alerts on X (formerly Twitter) and other platforms to warn the public.

Google’s Top Security Tips

To avoid falling victim to these sophisticated scams, Google recommends a proactive security strategy—especially for businesses:

Key Tips:

  1. Use Least Privilege Access
    Only give employees access to the systems and tools they absolutely need.

  2. Control App Access Strictly
    Audit connected applications frequently.

  3. Use IP-Based Access Restrictions
    Limit system access based on trusted networks only.

  4. Deploy Salesforce Shield (if applicable)
    Monitor for unusual behavior across Salesforce environments.

  5. Enable Multi-Factor Authentication (MFA)
    Mandatory for all systems and logins—personal and professional.

  6. Don’t Trust Unsolicited Calls
    If someone claims to be from your IT department or tech support, hang up and call your verified company number directly.

Frequently Asked Questions (FAQs)

Q1. What is vishing in phone scams?
Vishing is a type of phishing that involves voice calls. Scammers impersonate trusted sources to manipulate victims into revealing sensitive information or installing malicious software.

Q2. Can iPhones also be compromised through vishing?
Yes. Both iOS and Android devices can be targeted, as these attacks rely on human manipulation, not technical vulnerabilities.

Final Advice: Don’t Let Your Voice Be Your Vulnerability

These scams are not going away any time soon. As attackers continue to evolve and exploit trust, it’s crucial to stay alert, educate employees, and implement strict cybersecurity policies.

If you get a call that feels urgent, suspicious, or unexpected—don’t engage. Hang up. Verify. Report.

Related posts