Security News > 2021 > October > Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack
Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks.
There are many different types of social engineering schemes but one is area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials.
The first step in such an attack is usually for the attacker to gather information about the organization that they are targeting.
The important thing to remember is that social engineering attacks are not theoretical attack vectors, they happen in the real world.
The key to preventing social engineering attacks against the helpdesk is to make it impossible for a helpdesk technician to knowingly or unknowingly aid in such an attack.
The best way to eliminate the possibility that the organization will be breached by these types of attacks is to prevent the helpdesk staff from using the Active Directory Users and Computers console or similar tools for password resets.