Protecting MSPs From Helpdesk Phishing
The phone rings. You answer, and the person on the other side claims to be Employee Joe from one of your clients. He’s asking if you can help him with a password reset and he’s calling from a recognized number…do you trust it?
MSPs will typically recognize warning signs, yet threats are becoming more sophisticated and effectively throw the hymn sheet we’ve all been singing from out the window.
In the recent webinar “Preventing Helpdesk Phishing with Duo and Traceless”, Duo PMM Katherine Yang sat down with Gene Reich, Co-founder of Traceless, to discuss why stronger identity verification is critical for MSPs and helpdesk teams—especially with the increased accessibility of AI technologies driving identity fraud. Prevention is key, and as Katherine argues, “if verification isn’t present, it really can’t be a trusted interaction.”
Protecting your MSP — The threats
Identity is a growing, and vulnerable, perimeter. The user is often the first and last layer of defense an organization has, and scams are becoming increasingly convincing.
In the 2019 MGM cyber-attack, in which a threat group found its way in through helpdesk impersonation, the hackers were “young, savvy, and familiar with basic IT workflows, they knew identity and access management protocols and [were] native English speakers.” — Preventing Helpdesk Phishing with Duo and Traceless Webinar
Helpdesk impersonation is a big concern today, with MSPs contending with fraudulent attempts from attackers pretending to be clients. Simultaneously, customers are also targeted by hackers pretending to be their IT team. This includes methods like:
Vishing: Voice phishing through fraudulent phone calls to trick victims into providing sensitive information, often login credentials or financial details.
Number spoofing: Pretending to be a legitimate source (a business, colleague or trusted contact) to access personal information or money, or to spread malware.
Phishing Kits: To make phishing campaigns more efficient, attackers will often reuse their phishing sites across multiple hosts by bundling the site resources into a phishing kit.
The worry is that AI is lowering the barrier to entry for cybercrime, with emails and voice cloning becoming increasingly convincing. Traceless, an advanced threat protection solution for securing modern communications, was founded when Gene realized the risks his own MSP faced in sending and receiving sensitive information. When threat actors figure out how to automate defense evasion techniques, organizations cannot respond and remediate quickly enough. According to Gene, “the automation [and] the tool stack improvement on the attacker side is going to rapidly accelerate and increase.”
Protecting your MSP — The solution
Solving the problem of helpdesk phishing requires preventative action and a tested plan in place to mitigate the fallout if a breach does occur. So how do we bridge that trust between an MSP and client? Gene argues “we need to start thinking critically about MFA securing communications. We are in a world where voice calling is not enough to confirm transactions.”
In a quick poll during the webinar, MSP attendees shared that they use a few mechanisms for verifying identity: security questions, PINs, employee IDs or phone number call-back. For the savvy, an app-based MFA push enabled smoother helpdesk interactions.
It’s all about identity verification. More traditional methods for helpdesks might have been a callback, but this can be time-consuming and, in the era of ‘vishing’, it is no longer effective.
Watch the full webinar for more security insights, tips and best practices for verifying identities and securing communications with customers.
How can Duo MSP help?
Duo aims to provide a holistic identity security solution with multi-layered defenses and features like device trust and centralized access controls to help MSPs keep their clients safe. This includes:
Free push verification to check user identity in real time before granting access or making changes, while customers are still on the phone
Granular role-based controls so employees can still access their data, while keeping more sensitive information secure and reducing the risk of lateral threat expansion
Segmented access policies to keep track of who is accessing from where for greater visibility and to create a baseline for identifying abnormalities
MFA for an extra layer of security and an audit trail, along with single sign-on and passwordless authentication for more advanced access security protections
A solution worth your time is one that focuses on security efficacy but is also designed for better customer and management experience.
Preventing helpdesk phishing is more than just adding a solution; it's all about layering preventative and responsive measures that will keep pace with modern attacks.
Traceless is a security tool and Duo technology partner that offers advanced threat protection for communication platforms including ticketing and chat. Traceless has prevented thousands of phishing attacks and protects some of the largest MSP and IT departments in North America, ensuring maximum security against phishing, Voice AI attacks, account takeovers and data exfiltration. To learn more about identity verification and secure data transfers with Traceless, visit the Traceless website.
If you’d like to learn more about the Duo MSP program and get started as a partner, visit the Duo MSP web page.