Vishing is the fastest-growing way attackers are breaking in. Most security stacks cannot see it

May 19, 2026

by imper.ai

When CISOs think about the cost of a successful impersonation attack, the instinct is to count the money. A wire transfer that got approved. A vendor change that should not have been processed.


That instinct is wrong for the dominant impersonation vector in 2025 and 2026.


The most damaging vishing attacks today do not target finance teams. They target help desks. The objective is not a transfer. It is a credential reset, an MFA re-enrollment, or a privileged access grant. The financial loss is downstream. The breach is upstream.



Vishing is the #1 initial infection vector for cloud compromises

Mandiant’s M-Trends 2026 report ranks voice phishing as the #1 initial infection vector for cloud compromises, at 23% of cloud intrusions in 2025, and the fastest growing initial infection vector overall. Email phishing dropped from 14% to 6% in the same period. The attacker workflow has shifted from the inbox to the phone call.


CrowdStrike’s 2026 Global Threat Report documents the pattern precisely. In 2025, Scattered Spider “almost exclusively relied on social engineering techniques to persuade help desk personnel to perform self-service password resets” to gain initial access to cloud and SSO accounts. One documented incident: help desk call, self-service password reset, SSO access, Active Directory credential dump, ransomware staged. Total time under three hours. One managed endpoint touched.


That is the attack. Now the control question.


Why the existing security stack does not see it

Help desk vishing is not a technical exploit. It is a workflow exploit.


The attacker never attempts to authenticate and never triggers an MFA prompt. They never produce a token an EDR can inspect. They call the recovery workflow and ask for the credentials to be reset before the authentication layer ever becomes relevant.


This means the controls organisations spent the last decade hardening (MFA, conditional access, endpoint detection, SIEM correlation, IAM policy enforcement) are structurally absent from the workflow where the breach begins. The help desk agent is the control. That is the entire control. And agents, whether internal or outsourced, are exposed to social engineering by the nature of the job: their purpose is to help the caller.


CrowdStrike reports 82% of detections were malware-free in 2025, up from 51% in 2020. 35% of cloud incidents involved valid account abuse. The adversary is operating through legitimate credentials and legitimate identity flows. Signature-based and endpoint controls do not see this activity.



What gets lost is not the wire transfer

The cost framing matters because budget conversations track to the wrong number.


The direct financial impact of a fraudulent wire transfer is bounded. The transfer can sometimes be clawed back. Cyber insurance covers some of it. Finance teams have controls designed for this exact failure mode.


The cost of a help desk-initiated Account Takeover is unbounded. MGM disclosed approximately $100 million in Q3 2023 impact from a single Scattered Spider help desk compromise. M&S, Caesars, and others in the same cluster sustained material operational and financial damage. The pattern is consistent: the call is cheap, the breach is expensive, and the recovery is measured in quarters.


The downstream cost categories CISOs should be tracking:

  • Time to AD credential dump after initial reset, which CrowdStrike documents in under three hours
  • Privileged accounts created or reactivated during the attacker’s dwell window
  • Systems requiring forensic clearance before being trusted again
  • Regulatory disclosure obligations triggered by the access path the help desk granted


None of these are line items in the wire fraud framing.


The control that closes the gap

Gartner’s January 2026 research on protecting IT service desks against social engineering (G00842004) makes the operational point directly: minimise the opportunity for social engineering to be viable by removing the autonomy of service desk agents to decide if account recovery can proceed, relying instead on application-level policies.


In practice, that means the verification decision cannot live with the agent. It has to run as a control before the agent touches the ticket.


imper.ai is built for this control point. When a recovery request reaches the help desk, the caller is sent a verification link by SMS or email. Opening that link initiates a session that two technologies inspect in parallel, before the agent processes the request.


Impersonation Detection Engine. The link-click session is where the attacker has to expose infrastructure. The voice on the phone is unobserved by any technical control. The session that follows is not. The Impersonation Detection Engine inspects the device, network, and session environment to evaluate whether it looks like a legitimate working environment or an attack-prepared one. Signals include geographic plausibility against the employee’s recent login history, commercial VPN or datacenter tunnel use, virtual machine indicators, active remote desktop sessions, browser characteristics, and the presence or absence of the artefacts that accumulate on real, used devices over time. No single signal is a verdict. The architecture is a weighted score across categories with a tiered confidence model.


Why this works when the device has never been seen before.

Real employees lose phones. They buy new laptops. They occasionally log in from a personal device while their work device is being replaced. A control that fails any session on an unfamiliar device fails the legitimate workflow it is supposed to protect.


The Impersonation Detection Engine does not depend on a prior match. A new device used by a real employee carries the residue of normal use: installed extensions, signed-in accounts across common services, accumulated browser storage, consistent timezone and language settings, hardware characteristics that agree internally. A device stood up for an attack does not. Clean browser profiles, zero signed-in accounts, near-zero storage history, virtual machine artefacts, mismatched OS and IP geography: these are the patterns of a session prepared for a single use, not a device a person actually works from. Because no single signal is a verdict, a laptop on its first day of use, which carries less residue than one used for a year, is scored on the whole session rather than failed on one missing artefact. The engine evaluates the session on its own merits, and the legitimate employee on a brand new device passes for the same reasons the attacker does not.


AI-Driven Contextual Verification. Confirms the caller is the legitimate account holder through dynamic, role-based questions grounded in the employee’s real recent work. Which system did you access before submitting this request? Which ticket did you close yesterday? This is not knowledge-based authentication. The questions did not exist before the session, so the answers are not sitting in any breached dataset.


The agent receives a verified signal, not a judgment call. The attacker has to defeat both layers simultaneously, from the same session, in real time. Clean infrastructure plus unknown work history fails. Known work history plus flagged infrastructure fails. The combination is the control.
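As an added illustration of the two-layer decision described above (this is example code written for this page, not imper.ai’s engine and not code from the original post), the Python sketch below scores a link-click session as a weighted, per-category score with tiered confidence, then combines that tier with the outcome of contextual verification so that neither layer passes the request on its own. The signal names, category weights, tier thresholds, the "escalate" outcome for a MEDIUM tier, and the three sample sessions are all assumptions constructed for the example.

```python
"""Illustrative two-layer recovery-request check (hypothetical, not imper.ai code)."""
from __future__ import annotations

# Weighted signal catalogue grouped by category. Names and weights are
# assumptions chosen for this example; a real engine would tune them.
SIGNAL_WEIGHTS: dict[str, dict[str, float]] = {
    "network": {
        "datacenter_or_commercial_vpn": 3.0,
        "geo_inconsistent_with_recent_logins": 2.0,
    },
    "device": {
        "virtual_machine_indicators": 3.0,
        "active_remote_desktop_session": 2.0,
        "os_vs_ip_geography_mismatch": 1.5,
    },
    "residue": {  # artefacts that accumulate on a device somebody really uses
        "clean_browser_profile": 1.0,
        "no_signed_in_accounts": 1.5,
        "near_zero_storage_history": 1.0,
        "timezone_language_mismatch": 1.0,
    },
}

# Tier boundaries on the 0..1 session score (assumed values).
LOW_MAX = 0.2    # below this: looks like a normally used device
HIGH_MIN = 0.5   # at or above this: looks prepared for a single use


def assess_session(flags: set[str]) -> tuple[float, str, dict[str, float]]:
    """Score a link-click session from the set of signals that fired.

    Each category scores (weight of fired signals / total weight in the
    category), so one category contributes at most 1.0. The session score
    is the mean over categories, which is what keeps a single category
    (for example every "residue" signal on a laptop unboxed this morning)
    from reaching the HIGH tier by itself.
    """
    known = {name for cat in SIGNAL_WEIGHTS.values() for name in cat}
    unknown = flags - known
    if unknown:  # refuse to silently ignore a signal the catalogue does not define
        raise ValueError(f"unknown signals: {sorted(unknown)}")

    per_category: dict[str, float] = {}
    for category, weights in SIGNAL_WEIGHTS.items():
        fired = sum(w for name, w in weights.items() if name in flags)
        per_category[category] = fired / sum(weights.values())

    score = sum(per_category.values()) / len(per_category)
    if score < LOW_MAX:
        tier = "LOW"
    elif score < HIGH_MIN:
        tier = "MEDIUM"
    else:
        tier = "HIGH"
    return score, tier, per_category


def decide(tier: str, context_verified: bool) -> str:
    """Combine the infrastructure tier with the contextual-verification result.

    Both layers must pass from the same session: flagged infrastructure fails
    even with correct answers, and clean infrastructure fails without them.
    A MEDIUM tier with correct answers is routed to escalation rather than
    approved outright (an assumed policy for this example).
    """
    if not context_verified or tier == "HIGH":
        return "deny"
    if tier == "MEDIUM":
        return "escalate"
    return "approve"


# Constructed sessions for the example (not real telemetry).
LEGIT_NEW_LAPTOP = {"clean_browser_profile", "near_zero_storage_history"}
ATTACKER_VM = {
    "datacenter_or_commercial_vpn", "geo_inconsistent_with_recent_logins",
    "virtual_machine_indicators", "os_vs_ip_geography_mismatch",
    "clean_browser_profile", "no_signed_in_accounts", "near_zero_storage_history",
}
FRESH_OUT_OF_BOX = set(SIGNAL_WEIGHTS["residue"])  # every residue signal, nothing else

if __name__ == "__main__":
    for label, flags in [("legit new laptop", LEGIT_NEW_LAPTOP),
                         ("attacker VM", ATTACKER_VM),
                         ("fresh out of box", FRESH_OUT_OF_BOX)]:
        score, tier, cats = assess_session(flags)
        print(f"{label:18} score={score:.2f} tier={tier} "
              f"verified->{decide(tier, True)} unverified->{decide(tier, False)}")
```

The point the three constructed sessions make is the one the text makes: the attacker’s VM on a datacenter tunnel scores HIGH across every category and is denied regardless of how well the caller answers, the employee on a new laptop scores LOW because only part of one category fires, and a machine that is clean in every residue signal but normal elsewhere lands in the MEDIUM tier rather than being failed on residue alone. Correct answers to the contextual questions never rescue a HIGH session, and a clean session is never approved without them.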


No documents. No biometrics. No friction for legitimate employees.



What this means for CISO budget conversations

Two questions reframe the vishing budget discussion:


How many help desk calls last month were password resets or MFA re-enrollments? What verification ran on those calls?


If the answers are unknown, the urgency is not the wire transfer. The urgency is that the #1 initial infection vector for cloud compromise is operating against a workflow with no measured control coverage.


That is the gap. It is fixable. The control exists. The first step is measuring the exposure.


Common questions


What is help desk vishing?

Help desk vishing is a social engineering attack where a threat actor calls an organisation’s IT help desk impersonating a legitimate employee to obtain a credential reset, MFA re-enrollment, or privileged access. It is currently the #1 initial infection vector for cloud compromises per Mandiant M-Trends 2026.

How is help desk vishing different from CEO fraud or BEC?

CEO fraud and Business Email Compromise target finance teams to trigger fraudulent payments. Help desk vishing targets IT service desks to obtain account access. The immediate consequence of BEC is a wire transfer. The immediate consequence of help desk vishing is Account Takeover, with credential dumps and ransomware deployment as common follow-on activity.

Why doesn’t MFA stop help desk vishing?

MFA verifies a second factor at login, typically a registered device or authenticator. Help desk vishing bypasses the login entirely. The attacker calls the help desk and has the credential reset, and often the MFA factor re-enrolled, before any authentication attempt is made. MFA is a strong control for the workflow it covers. The recovery workflow is a different workflow with a different control gap.

What happens if a legitimate employee is calling from a new device?

The Impersonation Detection Engine does not depend on a prior device match. It evaluates the session itself. A real employee on a new device still operates from a normal browser environment with installed extensions, signed-in accounts, accumulated history, and consistent hardware and network characteristics. A session prepared for an attack does not. The engine distinguishes between the two without needing to have seen the device before.

Which threat groups conduct help desk vishing?

Mandiant and CrowdStrike name Scattered Spider, also tracked as UNC3944, as the primary cluster targeting help desks for self-service password resets. Documented victims include MGM Resorts, Caesars Entertainment, and Marks & Spencer.

What does a control against help desk vishing look like?

A control that runs as an application-layer policy before the help desk agent processes the request. It needs two capabilities: detection of the infrastructure the recovery session is operating from, and verification that the caller is the actual employee. Neither capability alone closes the attack path. Both together do.


Source notes: Mandiant M-Trends 2026; CrowdStrike 2026 Global Threat Report; Gartner G00842004, “Protect Your IT Service Desk Against Social Engineering Attacks,” January 2026; MGM Resorts International 10-Q, Q3 2023.

Next in this series: Inside the help desk vishing kill chain, what attackers control, and what they cannot.



Book a 15-minute walkthrough of imper.ai for Help Desk