The Can’t Help Desk –
Get ready: your friendly neighborhood help desk is about to become a lot less helpful. Consider it another shining achievement of our digital age. Right up there with self-driving cars that drive into walls and social media that makes everyone hate each other more efficiently. Now, “help desks,” once the frontline protectors of your digital security, are themselves being scammed by cybercriminals, spreading pain to all those they were supposed to help and protect. And the response by companies? You can bet it will be to make their help desks a lot less helpful.
When The Help Desks Get Hoodwinked
It just happened across the pond at Marks and Spencer, the big store chain. A screw-up exposed the data of many online shoppers and shut down much of the store’s e-commerce. The culprit: social engineering. A polite if somewhat sinister term used to describe how hackers con people into opening the back door, side door, and even front door of their computer systems – maybe a few windows as well.
Sophisticated Impersonation AKA Social Engineering
This week, M&S chairman Archie Norman said this while testifying before the UK Parliament, “As far as I can tell, that is a euphemism for impersonation, but it was sophisticated impersonation. They didn’t just rock up and say, ‘Would you change my password?’ They appeared as an individual, with their details.” You can watch that moment in the testimony in the video clip below.
Responding to attacks like that on Marks and Spencer, American institutions have been joining the unhelpfulness brigade. The motto now seems clear: if you can’t trust anyone, and your help desk can’t tell the difference between employees and crooks, make sure no one takes the risk of helping anyone else.
Social Engineering Scandals: The Dark Art of Hacking Humans (And Help Desks)
These aren’t isolated moments:
- AI CFO Swindle: In February 2024, a corporate bean counter handed $25 million to crooks after attending a Zoom meeting with the company’s CFO. Only it wasn’t really the CFO; it was an AI “deepfake” of the boss giving instructions. No, the employee couldn’t tell the difference and followed a bogus directive.
- Pepco Gets Peppered: European retailer Pepco Group managed to wire €15.5 million straight to scammers in 2024, thanks to some impeccably faked employee emails. Moral of the story: Never trust an email that says, “Kindly wire millions, regards.”
- North Korea Clickbait: In March 2025, North Korea’s Lazarus Group sent “too good to be true” job offers to crypto bros. They clicked. Malware called GolangGhost slipped in, letting Pyongyang’s finest rifle through their digital sock drawers.
- Google Gets Phished: In April 2025, a phishing blitz spoofed Google’s own no-reply address. Recipients obediently handed over their credentials to what they thought was Big Tech. Result: passwords stolen, dignity optional.
Cybersecurity Fiasco
Take healthcare, the gold standard in cybersecurity fiascos. Recently, I endured the healthcare circus firsthand. My son’s doctor’s appointment hung in limbo because the insurance numbers weren’t adding up. We’ve all been there: pressing one for frustration, two for desperation, three to hear it all again.
I called my insurance company. The hospital folks weren’t permitted to verify coverage themselves outside their approved system; no clicking online, no phone calls allowed. Because, apparently, we now live in a world where every call or click might secretly be Vlad from Vladivostok, cheerfully collecting your identity for sale on the dark web. We resolved the issue eventually, no thanks to the sophisticated system, which somehow created two separate files for my son, one with his name misspelled. Let’s not autopsy that miracle of paperwork navigation; even victories can be exhausting.
Human Error – The King of The Hill
Human error, it seems, remains undefeated in cybersecurity breaches. We reuse passwords with reckless abandon. We click suspicious links faster than you can say, “Nigerian prince.” The powers-that-be figure: if they can’t make tech help-desk staffers smarter, they’ll just take away their ability to do anything risky, you know, like helping.
So, how do you protect yourself and your company? Cyber insurance, which can cover your company, or you and your family, against losses, including those created by bad help desk decisions. But even here, there can be more hindrance than help if the tech support lets you down.
You probably should have cyber insurance anyway, but double-check that your coverage includes “social engineering” scams, where people trick your help desk or you directly.
Social Engineering AKA “Sophisticated Impersonation”
Social engineering is “notoriously difficult to detect,” notes Embroker, an insurance company. As you might expect, the insurance company warns that “social engineering attacks are a bit more complicated to get insurance coverage for.” And, naturally, that means “Cyber liability insurance policies often exclude or limit coverage for social engineering attacks.”
Expect fewer password resets, fewer identity verifications, fewer practical solutions from help desks that were once designed to, you know, help. Passkeys and biometrics, our new overlords of identification, promise security but often deliver confusion. Toss in a deepfake audio call mimicking your boss or mother-in-law, and the circle of digital paranoia is complete.
Welcome to the brave new world. If you didn’t realize it before, now is the time to understand that you are the one most responsible for your digital security and take appropriate action.