A structured defensive framework is presented to protect SaaS platforms, particularly Salesforce, from the financially motivated threat cluster UNC6040, which exploits social engineering tactics like voice phishing to gain unauthorized access. The article outlines proactive hardening measures, identity verification processes, and logging protocols to enhance security against such threats.