Securing the service desk: Why social engineering attacks keep succeeding

Service desk social engineering remains one of the most effective ways for attackers to gain access to corporate systems. The 2025 attacks against UK retailers Marks & Spencer (M&S), Co-op, and Harrods, carried out by the hacking collective Scattered Spider, brought these tactics into the spotlight, but they are far from isolated incidents.

In the case of M&S, Chairman Archie Norman confirmed that attackers impersonated an employee and convinced a third-party service desk agent to reset credentials, providing access to internal systems.

More recently, Carnival Corporation disclosed a cybersecurity incident in which an attacker used social engineering to deceive an employee and gain access to a limited portion of the company's IT environment.

Around the same time, the FBI warned organizations about activity linked to threat actor Silent Ransom Group, whose members reportedly posed as IT support personnel and persuaded employees to join remote access sessions using legitimate administration tools.

Stronger regulation, increased awareness, and a number of high-profile arrests have done little to reduce attackers' interest in this route into corporate environments. The continued success of these attacks highlights a simple reality: compromising a service desk is often easier than compromising the technology it protects.