When MGM Resorts suffered a crippling cyberattack in 2023, forensic teams expected to find sophisticated malware or a zero-day exploit. Instead, they discovered something far simpler: an attacker called the help desk, impersonated an employee, and was handed the keys to the kingdom, according to TechRadar. Marks & Spencer and Harrods fell victim to similar attacks in 2025. This pattern reveals a harsh reality – organizations spend millions hardening networks and endpoints while leaving identity, their most vulnerable entry point, completely exposed.
The Vulnerability That Bypasses Most Security Controls
Help desks are under constant pressure to restore locked-out employees' productivity quickly, TechRadar reports. This creates an environment where speed often trumps security. The typical interaction follows a predictable path: the caller provides basic identifying information, explains why they need access, and receives credentials. For an attacker who has done minimal reconnaissance on LinkedIn or company websites, this is trivial to replicate.
This attack vector is particularly dangerous because it bypasses most security controls, such as firewalls, endpoint detection, and network monitoring. These measures are blind to an attacker who talks their way through the front door with legitimate credentials issued by your own staff.
Why AI Has Made This an Urgent Crisis
Artificial intelligence has lowered the barrier for social engineering attacks, TechRadar notes. The U.S. Department of Health and Human Services has warned that adversaries are using AI voice impersonation to target hospital help desks. Accelerated by AI, phishing and spoofing scams increased by over 85%, and the average financial losses have more than doubled from $1,000 to $2,060.
| Metric | Before AI-Driven Attacks | After AI-Driven Attacks | Change |
|---|---|---|---|
| Phishing & spoofing scam volume | Baseline | +85% | Significant increase |
| Average financial loss per incident | $1,000 | $2,060 | 106% increase |
Three Best Practices for Help Desk Security
TechRadar outlines two interconnected controls (the third was not fully detailed in the source):
1. Harden Identity Operations
Every access request should trigger the same verification standards. Multi-factor authentication cannot be optional or easy to bypass. Implement passwordless, phishing-resistant authentication methods using industry standards. However, even passwordless systems can be compromised if credential recovery and enrollment processes remain vulnerable to social engineering. Security questions based on static information should be replaced with dynamic verification that is harder to research or guess. Conduct regular identity governance reviews to eliminate stale accounts and ensure no identity has more access than necessary.
2. Tie Device Enrollment to Identity
When resetting credentials or restoring access, verify that the receiving device belongs to the legitimate user. Device-bound credentials can prevent attackers from using stolen passwords on unauthorized hardware.
The most common pushback to strengthening help desk security is operational. What happens when an executive loses their phone while traveling? What if an employee legitimately cannot access their registered device? The answer is tiered response protocols combined with the controls above, TechRadar reports. While the third control was not fully described in the source, the two listed practices form a strong foundation to close the help desk vulnerability gap.
Sources:
