Service desks are under attack: What can you do about it?

Service desk agents are here to help, and we all prefer to talk to an understanding person than a chatbot when wrestling with an IT problem. Unfortunately, it’s this human element that cybercriminals also seek to exploit when targeting service desks. They’ll use social engineering to sweet-talk your service desk agents into divulging credentials, resetting passwords, or approving back-door access. We’ll walk through how they do it and advise how to reinforce this weak link in the security chain – without losing the human touch. Recent attacks on service desks Service desk security has been in the news thanks to several large British retailers being recently struck by DragonForce ransomware. Initial access in these cases was gained through social engineering at the service desk – allegedly by the US & UK based cybercrime group, Scattered Spider. Marks & Spencer (April–May 2025): Attackers duped M&S’s IT help desk into resetting passwords, gaining access to systems and exfiltrating ... Read full article.