
[New whitepaper] How to secure your service desk against social engineering attacks
At first glance, these companies couldn’t be more different. A cleaning products giant, an iconic British retailer, a tech behemoth, and a Las Vegas entertainment empire. Different industries, different locations, and different business models entirely.
Yet they all share something unfortunate: they’ve all fallen victim to a similar form of cyberattack in 2025. Not through sophisticated zero-day exploits or advanced persistent threats, but through something far simpler – social engineering attacks targeting service desk agents.
From Clorox’s $380 million lawsuit against their help desk vendor to M&S’s $400 million ransomware disaster, from Google’s CRM breach to MGM’s multi-day casino shutdowns, these incidents reveal an uncomfortable truth: while organizations spend millions fortifying their technical defenses, attackers have found a simpler path through the human element.
We walk through these case studies, as well as effective strategies for secure service desk verification, in our latest whitepaper. Download the full whitepaper here.
Social engineering: A simple but effective attack route
While organizations spend millions fortifying their technical defenses, attackers have found a simpler path: exploiting the human element. Armed with AI voice synthesis technology, they can clone executive voices from short publicly available recordings. Combined with sophisticated social engineering scripts and detailed reconnaissance from social media, these threat actors are turning IT staff into unwitting accomplices.
It makes a lot of sense from an attacker’s perspective. Why spend weeks developing exploits when a convincing pretext, a local accent, and basic psychological manipulation can trick help desk agents into resetting passwords, disabling multi-factor authentication, and granting privileged access?
What makes these attacks particularly insidious is how they weaponize people’s natural instinct to help. That urgent call from a “traveling executive” locked out of critical systems? The “new employee” whose credentials haven’t activated? The “vendor” requiring immediate access for emergency maintenance? Each scenario exploits predictable human psychology while bypassing millions of dollars in technical security controls.
The three-pillar defense for service desks
The good news? The same understanding that reveals why service desks have become attractive targets also illuminates the path to protection. Organizations that implement comprehensive service desk security don’t just prevent breaches – they flip the economics of social engineering attacks entirely.
Our new research report, “Securing the Service Desk: How to Close the Verification Gap in 2025,” reveals exactly how leading organizations are transforming their most vulnerable touchpoint into a defensive asset. Through forensic analysis of recent high-profile breaches and expert insights from security practitioners, we’ve identified the critical controls that can stop these attacks cold.
Inside, you’ll discover:
- Real-world case studies showing exactly how verification failures cascade into operational disasters
- The three-pillar defense strategy that makes social engineering attacks exponentially more difficult
- Five immediately actionable steps that materially reduce your breach risk
- How to implement phishing-resistant verification steps that can’t be bypassed through social manipulation
Don’t let your service desk become the next headline
The threat actors behind the M&S breach are still active. Scattered Spider and similar groups are systematically targeting service desks across industries, refining their techniques with each successful operation. Service desks without proper verification technology are wide open to attacks that require nothing more than a convincing voice and a phone number.
Download “Securing the Service Desk” today and discover how to transform your organization’s most vulnerable process into an impenetrable barrier against social engineering attacks. Your cybersecurity is only as strong as your weakest link – make sure it’s not your service desk.
(Last updated on September 11, 2025)