Many individuals consider the service desk to simply be a helpline. You call when you forget a password, if you need tech support, etc. But hackers are now using the service desk to gain entry into a company.
Why Are Hackers Targeting Service Desks?
Hackers believe that it is much easier to fool a person than to break through the firewalls standing between them and your company's user accounts. They therefore rely heavily on social engineering instead of sophisticated malware.
Imagine this scenario: you call IT and ask for a password reset because you forgot your password. A hacker can make the same call while lying about who they are, and once they have access, they can steal everything.
Conning Us
Hackers are smart and they are cunning, and for the most part, they will try one of several schemes.
• Sending a fake email asking IT if they can reset their password.
• Calling the service desk and posing as a staff member who needs help immediately.
• Creating a sense of urgency when asking for help: "Please can you reset this, my boss is going to be angry!"
Service desk employees receive so many requests that it is easy to fall into the trap.
Ways to Protect Your Help Desk
It's not technology that will solve this issue; it is rules and checks:
• Verify identity beyond "Name" or "Email" criteria using multiple steps.
• Use strong protocols on password resets: do not reset a password when the caller can't match the details the protocol requires.
• Regularly train help desk staff to be aware of common tricks.
• Limit access: only give your help desk staff what they absolutely need, nothing more.
It's like securing your house. You wouldn't hand a spare key to someone who says "Trust me, I live here."
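One way to turn those rules into a check that a ticketing workflow could enforce, as an added example that is not part of the original article. The factor names, the two-factor threshold and the `ResetRequest` shape are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values (illustrative, not from the article).
WEAK_FACTORS = {"name", "email"}  # widely known, so they never count as proof
REQUIRED_STRONG_FACTORS = 2


@dataclass
class ResetRequest:
    """A password-reset ticket as the agent records it (hypothetical shape)."""
    user: str
    checks: dict = field(default_factory=dict)  # factor -> matched the record?
    marked_urgent: bool = False


def decide_reset(req):
    """Return (decision, reasons): 'approve', 'deny' or 'escalate'."""
    failed = sorted(f for f, ok in req.checks.items() if not ok)
    passed = sorted(f for f, ok in req.checks.items()
                    if ok and f not in WEAK_FACTORS)

    # Any mismatch ends the request, however many other checks passed.
    if failed:
        return "deny", ["mismatch on: " + ", ".join(failed)]

    if len(passed) < REQUIRED_STRONG_FACTORS:
        reasons = [f"{len(passed)} strong factor(s) verified, "
                   f"{REQUIRED_STRONG_FACTORS} required"]
        # Urgency never lowers the bar; it sends the ticket to a second person.
        if req.marked_urgent:
            reasons.append("urgency claimed without enough verification")
            return "escalate", reasons
        return "deny", reasons

    return "approve", ["verified: " + ", ".join(passed)]


# Constructed sample tickets (not real data).
SAMPLES = [
    ResetRequest("alice", {"name": True, "email": True}, marked_urgent=True),
    ResetRequest("bob", {"callback_to_number_on_file": True, "employee_id": False}),
    ResetRequest("carol", {"callback_to_number_on_file": True,
                           "manager_confirmation": True}),
]

if __name__ == "__main__":
    for ticket in SAMPLES:
        print(ticket.user, *decide_reset(ticket))
```

The point of the escalate branch is that a caller who supplies only a name, an email address and pressure gets a second reviewer, not a faster reset.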
Why This Is Important
Many organizations will spend on antivirus and firewall investments without paying attention to the human element. The codes used by machines are typically not the weakest link; it is almost always the human element. A simple mistake on a phone call can make a hacker's job of getting access much easier.
To Close
Your help desk is no longer just support, but also a target for criminals. With a little training, stricter checks, and better-written policies or protocols, you can close off the openings available to hackers.
Ask yourself: if a hacker called your IT help desk today, would the attacker fool your help desk? If so, it's time to change policies before it's too late.