To a less-savvy help desk specialist, that response might have seemed credible. That’s how convincing threat actors have become in impersonating employees and how capable they are at extracting personally identifiable information about their targets from the internet. The tip-off in this case? The specialist knew that oncologists don’t typically work in the emergency room and discerned this was a brazen breach attempt. Fortunately, it failed. “Not all help desk individuals have that sixth sense or have the level of training needed to thwart attacks the way this individual did,”
says Ryan Witt, vice president of industry solutions at Proofpoint, which specializes in enterprise email risk and cyberthreat protection. “Nor do they have the level of technology and authentication capability built into their infrastructure right now to stop these types of attacks at scale.” And threat actors know it. The Help Desk: High- Value Target Under Siege
A tech support specialist at a public healthcare institution answered what sounded like a routine call: An oncologist, identifying himself as a staff member, explained he had purchased a new smartphone and needed to reset his credentials to access his accounts. The tech specialist asked a few standard identity challenge questions, but despite how easily the oncologist responded with the correct answers, something didn’t feel right. “By the way, where are you calling from?” he asked the doctor. “Well, at the moment, I’m in the ER,” the oncologist replied. “I can give you the phone number if you like.”
For government agencies, institutions and enterprises
Florida Technology Magazine – 2026 Legislative Edition – 25
Powered by FlippingBook