Why social engineering attacks still work on service desks

Service desks are a prime target for social engineering attacks. Learn how attackers exploit weak verification and how to defend your organization with practical, no-nonsense strategies.

Service desks have become a prime target for attackers looking to reset passwords, change MFA settings, or grab access to corporate accounts. They're the front door, and sometimes the weakest link. Let's break down how these social engineering attacks work and, more importantly, how you can stop them.

### The anatomy of a service desk attack

Attackers don't always need fancy exploits. They just need a convincing story. They call the service desk pretending to be an employee who's locked out of their account or lost their phone. They sound stressed, maybe even a little angry. The goal? Get the agent to reset credentials without proper verification.

These calls often rely on basic personal info attackers can find online, like a manager's name or a recent project. Once they're in, they can bypass MFA, steal data, or move laterally through the network. It's that simple.

### Why these attacks keep succeeding

Service desk agents are trained to help, not to investigate. They want to resolve issues quickly. That urgency is exactly what attackers exploit. Plus, many organizations still rely on weak verification methods, like asking for a birth date or employee ID, both of which are easily found or guessed.

- Agents often skip extra verification steps under pressure.
- Attackers use social engineering to mimic real employees.
- Companies lack clear protocols for handling sensitive requests.

### How to defend your service desk

The good news is that defense doesn't have to be complicated. Start by implementing a strict verification process for any password reset or MFA change. Use out-of-band confirmation, like sending a code to a pre-registered personal email or phone number. Train your agents to recognize red flags, like callers who rush or get defensive when asked for details. Role-playing scenarios can make this training stick. And don't rely on knowledge-based questions alone; they're too easy to crack.
### Building a culture of skepticism

Your service desk should be helpful, but also cautious. Encourage agents to trust their gut. If something feels off, it probably is. Create a simple reporting system for suspicious calls so patterns can be spotted early.

Regularly audit your service desk logs. Look for unusual patterns, like multiple reset requests from the same caller or odd times of day. These can be early signs of an attack in progress.

### Final thoughts

Service desks are a gateway, but they don't have to be a vulnerability. With the right training, clear policies, and a bit of healthy skepticism, you can shut down these attacks before they start. Remember, the goal isn't to make agents paranoid, just prepared. And that preparation can save your organization from a costly breach. Stay vigilant, and keep those defenses strong.
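The log audit described under "Building a culture of skepticism" above, as an added example that is not part of the original article: it scans constructed service-desk ticket records and flags callers with repeated reset requests inside a 24-hour window and any reset handled outside business hours. The log format, the business-hours range and the threshold of two resets per window are assumptions chosen for the example.

```python
"""Flag suspicious credential-reset tickets in a service-desk log.

Added example, not from the original article. The CSV-style record
format, thresholds and business hours below are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample tickets (timestamp,caller,action); not real data.
SAMPLE_LOG = [
    "2024-05-06T09:12:00,jdoe,password_reset",
    "2024-05-06T09:30:00,jdoe,printer_issue",   # not a reset, ignored
    "2024-05-06T09:40:00,asmith,password_reset",
    "2024-05-06T10:05:00,jdoe,mfa_reset",
    "2024-05-06T10:20:00,jdoe,password_reset",  # third reset in 24h
    "2024-05-07T02:47:00,bwong,mfa_reset",      # 02:47 is off-hours
    "2024-05-07T11:00:00,asmith,password_reset",
]

RESET_ACTIONS = {"password_reset", "mfa_reset"}
BUSINESS_HOURS = range(8, 19)       # 08:00-18:59 local time (assumption)
MAX_RESETS_PER_WINDOW = 2           # assumption: a third reset is suspicious
WINDOW = timedelta(hours=24)


def parse_log(lines):
    """Parse 'timestamp,caller,action' lines into time-sorted tuples."""
    records = []
    for line in lines:
        ts, caller, action = line.strip().split(",")
        records.append((datetime.fromisoformat(ts), caller, action))
    return sorted(records)


def find_anomalies(lines):
    """Return (finding, caller, timestamp) tuples for off-hours resets
    and for callers exceeding MAX_RESETS_PER_WINDOW within WINDOW."""
    findings = []
    recent = defaultdict(list)      # caller -> reset timestamps in WINDOW
    for ts, caller, action in parse_log(lines):
        if action not in RESET_ACTIONS:
            continue
        if ts.hour not in BUSINESS_HOURS:
            findings.append(("off_hours", caller, ts.isoformat()))
        # Keep only this caller's resets that fall inside the sliding window.
        recent[caller] = [t for t in recent[caller] if ts - t <= WINDOW]
        recent[caller].append(ts)
        if len(recent[caller]) > MAX_RESETS_PER_WINDOW:
            findings.append(("repeat_resets", caller, ts.isoformat()))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(*finding)
```

Each finding is a lead for the reporting process the article recommends, not a verdict; a legitimate user can have a bad day, so the flagged tickets still need an agent or analyst to follow up.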