How Help Desk Identity Verification Fails in the Real World

Finn Jensen | Founder, FastPasscorp

In the realm of IT management and security, ensuring the effectiveness of your help desk's identity verification process is paramount. Are your IT help desk practices up to par with the best industry standards, and can you confidently say that your service desk is equipped to handle caller identity verification in the face of potential threats?

We recently had the opportunity to work with a substantial US-based company, and they could respond affirmatively to the first two questions. However, even with these positive answers, they found themselves in a predicament when their system was breached. Fortunately, they received a timely warning and were able to respond promptly. Upon investigation, they unraveled the tactics employed by the cybercriminals and gained insights into how their service desk supporters were manipulated.

Drawing from their experience, we've put together a 3-minute video that reconstructs the attack, providing valuable insights into what went wrong and why.

The intriguing aspect here is not necessarily how the cybercriminals acquired information, which, in some cases, could have originated from social platforms like LinkedIn, as seen in the MGM Casino/Hotels attack. Instead, the crux of the matter lies in understanding that hackers employ sophisticated social engineering techniques to build trust in various ways. One such method involves obtaining precise and personalized information about your employees. Armed with this knowledge, they can convincingly masquerade as genuine users, even to a vigilant support staff member. In such scenarios, no amount of awareness training can eliminate the risk.

So, what is the ultimate solution to bolstering your help desk identity verification process and protecting your organization from such deceptions? The answer lies in implementing caller identity verification and ensuring that it is carried out dispassionately and objectively. This necessitates the adoption of an intelligent workflow that orchestrates the entire verification process. It also means revoking the privileged rights of support staff to reset passwords, a critical step in enhancing your overall security posture.

FastPass, for instance, provides a robust solution for enforcing user verification, allowing you to align the process with your organization's specific security policies. FastPass has received certification from industry leaders like ServiceNow and TOPdesk, and it seamlessly integrates with various IT service management (ITSM) solutions.

In conclusion, securing your help desk operations against fraudulent attempts involves rethinking the process of verifying the identity of a user. This includes implementing caller identity verification, revoking password reset privileges, and adopting the best user verification tools available to fortify your organization's defenses in an ever-evolving threat landscape.
