Skip to content
Tech News
← Back to articles

Securing the service desk: Why social engineering attacks keep succeeding

2026-06-24 | original
read original more articles
Why This Matters

Social engineering attacks on service desks remain a prevalent and effective method for cybercriminals to infiltrate corporate networks, exploiting human vulnerabilities despite increased awareness and regulation. These attacks highlight the ongoing challenge of protecting organizational access points and underscore the need for enhanced training and security measures. As attackers continue to succeed through manipulation, organizations must prioritize securing their service desk processes to mitigate these risks.

Key Takeaways

Service desk social engineering remains one of the most effective ways for attackers to gain access to corporate systems. The 2025 attacks against UK retailers Marks & Spencer (M&S), Co-op, and Harrods, carried out by the hacking collective Scattered Spider, brought these tactics into the spotlight, but they are far from isolated incidents.

In the case of M&S, Chairman Archie Norman confirmed that attackers impersonated an employee and convinced a third-party service desk agent to reset credentials, providing access to internal systems.

More recently, Carnival Corporation disclosed a cybersecurity incident in which an attacker used social engineering to deceive an employee and gain access to a limited portion of the company's IT environment.

Around the same time, the FBI warned organizations about activity linked to threat actor Silent Ransom Group, whose members reportedly posed as IT support personnel and persuaded employees to join remote access sessions using legitimate administration tools.

Stronger regulation, increased awareness, and a number of high-profile arrests have done little to reduce attackers' interest in this route into corporate environments. The continued success of these attacks highlights a simple reality: compromising a service desk is often easier than compromising the technology it protects.

Understanding why attackers target service desks, and how these attacks are typically carried out, is the first step toward defending against them.

Why do attackers target service desks?

Scattered Spider and hackers with a similar modus operandi target service desks because they’re a high-leverage, low-resistance entry point into corporate networks. Here's why attackers continue to target service desks successfully:

Human vulnerability: Help desk staff are primarily trained to help, even if they’ve had some training with regard to social-engineering attacks. This can make them susceptible to impersonation attempts, especially when attackers sound fluent, urgent, and knowledgeable.

Access to credentials and resets: Service desk agents usually have the ability to reset passwords, provision accounts, or disable multi-factor authentication. This gives attackers a direct path to legitimate access.

... continue reading

Explore topics: service desk social engineering scattedter spider uk retailers cyber security
Related:
NordVPN Coupons: 75% Off, Plus 3 Months Free in June 2026
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
The Beginning of the End of Social Engineering
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Cyber Insurance Rates Are Dropping, but Exclusions Widen

© 2026 GoKawiil

About | Editorial Policy | Contact