Phishing awareness training has come a long way – and most in security agree it’s critical. But here’s the tough question:
Does your phishing training reflect today’s reality, or just inboxes?
Let’s face it: security training has made users more alert to suspicious emails. That’s a win. But attackers aren’t staying in email anymore. Phishing has become an innovation engine driven by AI, deception layers, and delivery tricks like QR codes, callback scams, and embedded threats inside trusted files.
Attackers are moving into platforms like Salesforce – where the signals are different, and the built-in defenses are limited.
That’s where things break down.
Even well-trained users make mistakes — especially outside email
In Salesforce, phishing links can hide in shared files, QR codes, or support portal messages – even in agentic AI / Agentforce workflows. Users encounter them in places they don’t expect – and on devices like mobile phones that often sit outside security controls.
And attackers know how to make these threats look harmless. Phishing links can be buried in mundane PDFs – making them harder to catch at a glance. For users, these files look routine. For attackers, they’re a perfect delivery vehicle.
Add to that the daily pressure most users face: all the jumping between workflows, responding to customers, making decisions fast. Distraction, hurry, and multitasking aren’t rare exceptions. They’re the norm. And even well-trained users slip.
Don’t blame users. Protect them.
When a user clicks a phishing link in Salesforce, it’s easy to look for human error. But the better question is: Could we have prevented it?
The truth is, phishing training alone was never meant to carry the entire burden. We don’t expect users to be malware analysts. Why expect them to be phishing detectives?
Instead of pointing fingers, we need to back our people up with technology that catches what they can’t. That’s where solutions like WithSecure Cloud Protection for Salesforce step in. It scans files, links, and QR codes at the point of upload or interaction, stopping threats before users can act on them. Prevention is always cheaper than remediation.
New threats demand new defenses
Attackers are evolving fast – and they’re lowering the bar to entry. Today, we’re seeing:
- AI-powered phishing campaigns with polished, branded content and natural-sounding language
- Phishing-as-a-Service kits that provide complete end-to-end attack infrastructure – from email templates and fake login pages to real-time credential harvesting
These campaigns don’t need a genius behind them. They’re scalable, convincing, and effective. And platforms like Salesforce – which blend collaboration, automation, and trust – are attractive targets.
The Salesforce platform is already being exploited. Many enterprises have seen phishing, malware, or social engineering threats move through Salesforce channels. This is acknowledged by Salesforce.
Even MFA has its limits. Attackers have found plenty of ways around it. Not all MFA is phishing-resistant, and not all implementations hold up. It’s just another reminder: layered defenses need to meet users where they work.
Phishing is an industry, and it’s evolving fast
Phishing is getting easier to launch and harder to detect.
With AI-written lures, fake branding, and phishing kits sold as-a-service, even low-skill attackers can launch convincing, targeted campaigns in minutes.
And now, it’s moving into business-critical platforms like Salesforce, where trust and the element of surprise make users even more vulnerable.
Agentic AI use cases amplify the risks, with the potential for threats to spread at machine speed.

Why traditional tools don’t cut it
Endpoint protection (EPP) is essential. But it’s not enough.
Salesforce is a cloud-first platform. Files and links often enter via chats, emails, forms, APIs, community portals, or direct user uploads without ever touching a protected device. And Salesforce doesn’t natively scan content for threats.
If you rely solely on EPP, here’s what you miss:
- No inspection at upload: Files and links sit in Salesforce records and attachments, looking harmless
- No scanning in real time: Threats go live the moment someone clicks, shares, or automates with them
- No visibility: You won’t know what’s spreading inside your environment until damage is done
You wouldn’t trust EPP to secure your email – why treat Salesforce any differently?
Just like we protect inboxes with specialized email security, we need to extend that same layered defense to Salesforce.
Protecting users (and your reputation) pays off
Security shouldn’t just catch mistakes. It should create a buffer between human behavior and business risk.
WithSecure Cloud Protection for Salesforce is that buffer – detecting threats like phishing links, malware files, and malicious QR codes the moment they enter your environment. It integrates natively with Salesforce, so your users stay protected without changing how they work.
It’s a way to maximize your existing security investments without adding more complexity. And it helps stop threats before they spread to customers, partners, or AI workflows.
The smart move — for your business and your career
When someone takes the initiative to strengthen Salesforce security, that sends a clear message – to attackers, to leadership, and to your peers.
That’s proactive security.
It’s not just smart for the business. It signals maturity and foresight in your role. Whether you’re in security, the Salesforce and CRM team, IT, or ops – being the one to champion protections where they’re needed most? That’s leadership. And it doesn’t go unnoticed.
What to do next
- Continue phishing training. It matters.
- But don’t rely on training alone, as human error will always exist.
- Add phishing protection where it’s missing: inside Salesforce.
- Treat Salesforce like a cloud-based endpoint. Secure it the way you would email.
- Encourage a proactive security culture, and avoid a blame culture.
Let your users focus on work instead of sweating about every threat.
Protect your Salesforce users where training can’t.
Extend your protection beyond email with WithSecure Cloud Protection for Salesforce – real-time scanning for links, files, QR codes and identity risks inside your trusted workflows.

