Phishing for Access: The Growing Threat to IT Support Teams

May 22, 2025, by Ethan Coulthard

Service desk employees are increasingly targeted by cybercriminals employing social engineering tactics. These attacks exploit IT support to gain unauthorized access to systems, often leading to significant operational disruptions and data breaches. Understanding these threats and implementing effective countermeasures is crucial for organizational cybersecurity.

The Threat Landscape

Social Engineering Attacks

Cybercriminals frequently impersonate legitimate employees, contacting service desks to request password resets or multi-factor authentication (MFA) changes. By providing stolen personal information, they convince support staff to grant access to systems. The Scattered Spider group has employed such tactics against major retailers like Marks & Spencer and Co-op, resulting in significant service disruptions and data theft.

AI-Driven Impersonation

Artificial intelligence has enabled attackers to clone voices, making impersonation attempts more convincing. By mimicking executives or employees, they deceive service desk agents into granting unauthorized access.

MFA Circumvention

Attackers exploit vulnerabilities in MFA processes by requesting the enrollment of new devices. This tactic has been used to hijack accounts and divert payments, particularly in the healthcare sector.

Real-Life Examples of Service Desk Exploits

MGM Resorts Breach

In September 2023, MGM Resorts experienced a cyberattack that disrupted operations across its Las Vegas establishments. The breach originated from a call to the help desk, where attackers impersonated an employee and requested a password reset. This social engineering tactic granted them unauthorized access to systems, leading to widespread outages.

Uber's MFA Fatigue Attack

In 2022, Uber fell victim to an MFA fatigue attack orchestrated by the Lapsus$ hacking group. Attackers obtained employee credentials and bombarded them with repeated MFA requests. Eventually, an employee approved one of the requests, allowing the attacker access to Uber's internal systems.

Twitter's 2020 Account Hijacking

In July 2020, multiple high-profile Twitter accounts were compromised through a coordinated social engineering attack. Attackers manipulated Twitter employees into providing access to internal tools, enabling them to hijack accounts and post scam messages. 

Strengthening Service Desk Security

Implement Robust Verification Protocols

Enhance identity verification by incorporating methods beyond traditional security questions. Utilize solutions that send one-time passwords to registered devices or integrate with trusted providers like Duo Security and Okta.

Enforce Strict MFA Policies

Require that any changes to MFA settings undergo rigorous verification processes. Avoid making exceptions, even under seemingly urgent circumstances, to prevent unauthorized access.

Provide Comprehensive Training

Regularly train service desk staff to recognize and respond to social engineering attempts. Emphasize the importance of adhering to verification protocols and reporting suspicious activities.

Monitor and Audit Access Requests

Implement systems to track and review access requests and changes. Regular audits can help identify patterns indicative of malicious activities.
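
One way to audit service desk changes for the patterns described in this article, as an added example (not code from TechHorizon Consulting or any vendor): it flags changes approved with weak identity verification and MFA device enrollments that closely follow a help-desk password reset on the same account. The log schema, the field values, and the one-hour window are assumptions made for the illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a service desk audit log (hypothetical schema).
SAMPLE_LOG = """timestamp,agent,account,action,verified_by
2025-05-01T09:02:00,agent_a,jdoe,password_reset,otp_registered_device
2025-05-01T09:40:00,agent_b,msmith,password_reset,security_questions
2025-05-01T09:55:00,agent_b,msmith,mfa_device_enroll,security_questions
2025-05-01T13:10:00,agent_c,akhan,mfa_device_enroll,none
2025-05-03T10:00:00,agent_a,jdoe,mfa_device_enroll,otp_registered_device
"""

# Assumed labels for verification methods stronger than security questions.
STRONG_METHODS = {"otp_registered_device", "idp_verified"}
# Assumed correlation window between a reset and a new MFA device.
WINDOW = timedelta(hours=1)

def parse(text):
    """Load the CSV audit log and return rows sorted by time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
    return sorted(rows, key=lambda row: row["timestamp"])

def audit(rows):
    """Return (account, finding, detail) tuples for review by a human."""
    findings = []
    last_reset = {}  # account -> time of most recent password reset
    for row in rows:
        account, when = row["account"], row["timestamp"]
        # Any change approved without a strong verification method.
        if row["verified_by"] not in STRONG_METHODS:
            findings.append((account, "weak_verification", row["action"]))
        if row["action"] == "password_reset":
            last_reset[account] = when
        elif row["action"] == "mfa_device_enroll":
            # New MFA device shortly after a reset: account takeover pattern.
            previous = last_reset.get(account)
            if previous is not None and when - previous <= WINDOW:
                findings.append((account, "reset_then_mfa_enroll", row["agent"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE_LOG)):
        print(finding)
```
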

Conclusion

As cyber threats targeting service desks become more sophisticated, organizations must proactively bolster their defenses. By understanding the tactics used by attackers and implementing comprehensive security measures, service desks can transform from vulnerable entry points into robust lines of defense. If your company is concerned about its security posture, TechHorizon Consulting can help. We can help your company achieve cybersecurity best practices and protect against cyber-attacks. If this interests you, please visit our "Contact Us" page.