Helpdesk Social Engineering
Manipulation of an organisation's IT helpdesk or customer service staff into resetting credentials or granting access on behalf of an attacker posing as a legitimate user.
Also known as: IT helpdesk manipulation, support desk fraud, helpdesk pretexting
Last reviewed: 1 June 2026
Helpdesk social engineering targets the human element of identity verification processes. Attackers impersonate employees, contractors, or customers and contact helpdesk or customer service personnel with a plausible story — locked out of an account, travelling abroad, urgent deadline — to pressure staff into resetting passwords, disabling MFA, or providing account access without proper verification.
Helpdesks are attractive targets because their primary function is to assist users quickly, creating cultural and operational pressure to resolve issues with minimal friction. Attackers research targets via LinkedIn and social media to provide convincing personal details that pass basic identity checks, and may invoke urgency or authority to short-circuit verification procedures.
Organisations should enforce strict identity verification protocols for all account recovery actions, require out-of-band confirmation for sensitive changes, implement separation of duties (no single helpdesk agent should be able to disable MFA and reset a password in one call), and train staff to recognise and resist social pressure tactics.
Examples
- An attacker calls a company helpdesk claiming to be a senior executive stuck at an airport with a locked laptop, providing name, department, and manager details gathered from LinkedIn, and successfully persuades an agent to reset their MFA.
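The controls described above, as an added example that is not part of this entry: a Python policy gate that enforces out-of-band confirmation and separation of duties on a helpdesk ticket, plus a detector over a constructed audit log that flags an MFA change followed by a password reset for the same user (the pattern in the airport scenario), even when it is split across tickets or agents. The log format, agent names and action names are assumed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MFA_ACTIONS = {"disable_mfa", "reset_mfa"}
SENSITIVE = MFA_ACTIONS | {"reset_password"}

# Constructed audit log (hypothetical format): (timestamp, ticket, agent, user, action, out_of_band_confirmed)
AUDIT_LOG = [
    ("2026-06-01T09:02:10", "T-1001", "agent_a", "j.doe", "verify_identity", True),
    ("2026-06-01T09:03:40", "T-1001", "agent_a", "j.doe", "reset_mfa", True),
    ("2026-06-01T09:05:05", "T-1001", "agent_a", "j.doe", "reset_password", True),
    ("2026-06-01T10:15:00", "T-1002", "agent_b", "m.lee", "reset_password", False),
    ("2026-06-01T11:00:00", "T-1003", "agent_c", "a.kim", "reset_mfa", True),
    ("2026-06-01T11:20:00", "T-1004", "agent_d", "a.kim", "reset_password", True),
]

def check_request(prior_actions, agent, action, oob_confirmed):
    """Policy gate run before a sensitive action; prior_actions is [(agent, action)]
    on the same ticket. One agent may not both change MFA and reset the password."""
    if action not in SENSITIVE:
        return True, "ok"
    if not oob_confirmed:
        return False, "out-of-band confirmation required"
    for prev_agent, prev_action in prior_actions:
        if prev_agent == agent and prev_action in SENSITIVE and \
                (prev_action in MFA_ACTIONS) != (action in MFA_ACTIONS):
            return False, f"separation of duties: {agent} already did {prev_action}"
    return True, "ok"

def find_findings(log, window=timedelta(hours=1)):
    """Detection over the audit log: sensitive actions without out-of-band confirmation,
    and an MFA change plus password reset for one user inside the window (any tickets)."""
    findings, by_user = [], defaultdict(list)
    for ts, ticket, agent, user, action, oob in log:
        if action not in SENSITIVE:
            continue
        if not oob:
            findings.append(("no_oob_confirmation", user, ticket))
        by_user[user].append((datetime.fromisoformat(ts), ticket, agent, action))
    for user, events in by_user.items():
        events.sort()  # chronological per user
        for i, (t1, tk1, ag1, a1) in enumerate(events):
            for t2, tk2, ag2, a2 in events[i + 1:]:
                if t2 - t1 > window:
                    break
                if (a1 in MFA_ACTIONS) != (a2 in MFA_ACTIONS):
                    kind = "mfa_and_password_same_agent" if ag1 == ag2 else "mfa_and_password_split"
                    findings.append((kind, user, f"{tk1}/{tk2}"))
    return findings
```

The split finding matters because an attacker who knows about the single-call rule can simply open a second ticket with a different agent.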