Here is exactly how the MGM Resorts breach started. A hacker found an employee on LinkedIn. They called the IT help desk, said they were that employee, and asked for a password and MFA reset. The help desk agent complied. The call took ten minutes. The breach cost MGM an estimated $100 million.
No malware. No zero-day. No technical exploit of any kind. A phone call.
The instinct, when you read that, is to reach for the technology fix – stronger MFA, identity verification tools, new service desk protocols. Those things matter. But they address what happened after the help desk agent made the wrong call. They don't address why the agent had no chance of making the right one.
That agent had never practiced this. No one had put them on a simulated call with an attacker who already knew the employee's name, their department, their manager, and the exact script to create urgency without raising suspicion. They had no pattern recognition to draw on. The ten-minute call was the first time they had ever encountered this scenario – and it was real.
That is the gap this article is about.
Your help desk was designed to help people. Attackers reverse-engineered that.
Your IT help desk exists to resolve problems quickly. An employee is locked out of their account, panicked before a meeting, unable to access the system they need – and the help desk resolves it fast. Speed and helpfulness are the metrics. That design is correct.
Attackers have studied that design carefully. They construct calls that look and feel like the highest-urgency, most routine situations help desk agents handle every day: locked out of the account, new phone, can't receive the MFA code, meeting in twenty minutes, need this resolved now. Every element of the call is engineered to feel like a normal bad Monday.
The verification questions most help desks rely on, such as employee ID, manager's name, or the last four digits of a phone number, cannot stop this approach. For most employees, every answer is publicly available: LinkedIn, company websites, press releases, earnings call recordings. By some industry estimates, social engineering now accounts for 60% of data breach incidents. The help desk was not designed with this threat in mind, and it shows.
The script doesn't change because it doesn't need to.
The temptation is to treat MGM as an outlier: an anomaly the industry answered with better controls and then moved on from. The two years since have made that impossible.
In April 2025, Marks & Spencer disclosed a ransomware attack after attackers duped its IT help desk into resetting employee credentials. In May 2025, Co-op Group confirmed that member data had been accessed following help desk social engineering. Harrods confirmed attempted unauthorized access the same week. Three major UK retailers. Two weeks. The same playbook.
The group behind those attacks, Scattered Spider (tracked by Mandiant as UNC3944), did not change its core approach between MGM in 2023 and the UK retail wave in 2025. CISA's July 2025 update to its advisory documented new TTPs, but the foundational sequence was identical: find the target on LinkedIn, call the help desk, impersonate the employee, get the credentials reset, deploy ransomware.
Mandiant and Unit 42 warned in June 2025 that Scattered Spider had pivoted to targeting aviation, airline, and transportation industries – the group's fourth industry pivot in roughly eight weeks. The help desk is not being targeted opportunistically. It is being targeted systematically, at scale, because it works.
Mandiant's M-Trends 2026 report, built on more than 500,000 hours of incident response investigations, confirms it: voice phishing is now the second-most common initial infection vector globally. In cloud environments specifically, it is number one.
Your help desk is not safe because it hasn't been hit yet. It is safe until the group working through a target list reaches your name.
The call your agents aren't ready for
Understanding the attack at the script level is what makes simulation training possible. Generic awareness training tells agents that social engineering exists. It doesn't put them on a call with someone executing it in real time.
The standard help desk vishing script has three structural elements that repeat across virtually every documented incident.
A plausible identity, assembled from public sources. Before the call, the attacker has spent twenty minutes on LinkedIn. They know the target employee's name, job title, manager, and department. They may know the employee's email format and whether they have been publicly mentioned in company announcements. None of this requires technical skill. It requires a free account and patience.
A routine pretext framed as urgent. The most common pretexts across Scattered Spider incidents involve a new phone requiring MFA re-enrollment, a locked account preventing access to a system needed immediately, or a security alert the employee "received" requiring credential verification. The urgency is calibrated to feel like a normal emergency – annoying and time-sensitive, but not suspicious. The employee being impersonated is, in that framing, simply having a bad day.
A specific ask that falls within the agent's normal authority. The attacker is not asking for anything unusual. Over 40% of all help desk tickets are password resets. MFA re-enrollment is a routine request. The ask is indistinguishable from a legitimate one because it was designed to be.
What the agent is being asked to recognize is not a suspicious email with a misspelled sender. It is a familiar workflow, executed under normal pressure, by someone who sounds exactly like a colleague in a bind. No training that focuses on email red flags prepares anyone for this.
The four reflexes your help desk staff need to practice
Awareness is not preparation. Reading about a vishing script is not the same as handling one under real-time pressure. Employees who have been trained through simulation consistently outperform those trained through video modules when actual attacks arrive. Help desk staff specifically need four things – not as knowledge, but as practiced reflex.
Structural pattern recognition, not voice recognition
In a world where AI voice cloning can replicate a specific person's voice from three seconds of audio, the voice cannot be the signal. What can be the signal is the structure of the call: urgency plus authority plus a request to skip or abbreviate normal verification. That combination – whatever the voice sounds like – is the flag. Agents who have internalized this pattern catch calls that agents listening for "something that sounds off" will miss every time.
Out-of-band verification as a default, not an escalation
The single most effective process control against help desk vishing is a verification call to a known number: not the number the caller provided, not a callback to the number on the ticket, but a number pulled directly from the internal directory. Requiring that step before any credential reset blocks most social engineering attempts cold. The control is only as strong as the directory behind it: a phone number the employee can self-update in the HR portal, or one that has been SIM-swapped or forwarded, is no longer an independent channel, so the number of record needs its own change controls. Agents who have practiced this reflex execute it automatically. Agents who have only read about it treat it as friction and skip it under pressure.
Specific handling for MFA reset requests
MFA reset and new device enrollment are the specific asks that unlock everything else for an attacker. A password reset matters, but an MFA reset is the real prize – it bypasses the control that was supposed to make the password irrelevant. These requests need to be treated as privileged changes: strong verification required, every request logged with the method of verification used, exceptions routed to a trained queue rather than approved at tier one. Agents need to have internalized that an MFA reset request from an unfamiliar caller is categorically different from a routine locked-account call – even when the two feel identical in the moment.
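Logging the verification method makes the control auditable: every MFA factor reset the identity provider records can be reconciled against the help desk ticket that authorised it, which catches resets with no ticket at all, resets approved on weak verification, and the follow-on that matters most, a new factor enrolled minutes later from an address the user has never authenticated from. The script below is an added example, not code from this article or from Frame. The event records are constructed in an Okta System Log-like shape (eventType, actor, target, client.ipAddress, published); the ticket schema, the STRONG_VERIFICATION set and the 30-minute matching window are assumptions.

```python
"""
Reconcile identity-provider MFA reset events with the help desk audit log.
Added example, not from the original article or from Frame. The events below
are constructed in an Okta System Log-like shape (eventType, actor, target,
client.ipAddress, published); the ticket schema and thresholds are assumptions.
"""
from datetime import datetime, timedelta

RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
ENROLL_EVENT = "user.mfa.factor.activate"
STRONG_VERIFICATION = {"callback_directory", "manager_confirmed", "video_or_in_person"}
WINDOW = timedelta(minutes=30)   # assumed: how close ticket and follow-on events must be

# Constructed sample events: one morning of activity.
IDP_EVENTS = [
    {"published": "2025-05-01T08:00:00Z", "eventType": "user.session.start",
     "actor": {"alternateId": "b.jones@example.com"}, "target": [],
     "client": {"ipAddress": "203.0.113.22"}},
    {"published": "2025-05-01T09:00:00Z", "eventType": "user.session.start",
     "actor": {"alternateId": "a.smith@example.com"}, "target": [],
     "client": {"ipAddress": "203.0.113.10"}},
    {"published": "2025-05-01T09:12:03Z", "eventType": "user.mfa.factor.reset_all",
     "actor": {"alternateId": "helpdesk.agent@example.com"},
     "target": [{"alternateId": "a.smith@example.com"}],
     "client": {"ipAddress": "10.0.5.12"}},
    {"published": "2025-05-01T09:14:40Z", "eventType": "user.mfa.factor.activate",
     "actor": {"alternateId": "a.smith@example.com"},
     "target": [{"alternateId": "a.smith@example.com"}],
     "client": {"ipAddress": "198.51.100.77"}},        # never seen for this user
    {"published": "2025-05-01T10:30:00Z", "eventType": "user.mfa.factor.reset_all",
     "actor": {"alternateId": "helpdesk.agent@example.com"},
     "target": [{"alternateId": "b.jones@example.com"}],
     "client": {"ipAddress": "10.0.5.12"}},
    {"published": "2025-05-01T10:32:00Z", "eventType": "user.mfa.factor.activate",
     "actor": {"alternateId": "b.jones@example.com"},
     "target": [{"alternateId": "b.jones@example.com"}],
     "client": {"ipAddress": "203.0.113.22"}},         # same address as the 08:00 login
    {"published": "2025-05-01T11:00:00Z", "eventType": "user.mfa.factor.reset_all",
     "actor": {"alternateId": "admin.x@example.com"},
     "target": [{"alternateId": "c.lee@example.com"}],
     "client": {"ipAddress": "10.0.5.30"}},
]

# Constructed help desk audit rows: what logging the verification method produces.
HELPDESK_AUDIT = [
    {"ticket": "INC1001", "employee": "a.smith@example.com", "request_type": "mfa_reset",
     "verification": "employee_id", "closed": "2025-05-01T09:11:30Z"},
    {"ticket": "INC1002", "employee": "b.jones@example.com", "request_type": "mfa_reset",
     "verification": "callback_directory", "closed": "2025-05-01T10:29:00Z"},
]


def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def matching_ticket(tickets, user, when):
    """Most recent mfa_reset ticket for `user` closed within WINDOW before the reset."""
    hits = [t for t in tickets
            if t["employee"] == user and t["request_type"] == "mfa_reset"
            and timedelta(0) <= when - ts(t["closed"]) <= WINDOW]
    return max(hits, key=lambda t: t["closed"], default=None)


def review_mfa_resets(events=IDP_EVENTS, tickets=HELPDESK_AUDIT):
    """Return (user, condition, reference) tuples for every reset worth a second look."""
    findings = []
    for ev in events:
        if ev["eventType"] not in RESET_EVENTS:
            continue
        user = ev["target"][0]["alternateId"]
        when = ts(ev["published"])
        ticket = matching_ticket(tickets, user, when)
        if ticket is None:
            # A reset nobody requested through the help desk: the agent account or
            # the admin console itself may be the thing that is compromised.
            findings.append((user, "mfa_reset_without_ticket", ev["actor"]["alternateId"]))
            continue
        if ticket["verification"] not in STRONG_VERIFICATION:
            findings.append((user, "weak_verification:" + ticket["verification"], ticket["ticket"]))
        # Follow-on check: a new factor enrolled soon after the reset from an address
        # this user had never authenticated from before the reset.
        prior_ips = {e["client"]["ipAddress"] for e in events
                     if e["actor"]["alternateId"] == user and ts(e["published"]) < when}
        for e in events:
            if (e["eventType"] == ENROLL_EVENT and e["actor"]["alternateId"] == user
                    and timedelta(0) <= ts(e["published"]) - when <= WINDOW
                    and e["client"]["ipAddress"] not in prior_ips):
                findings.append((user, "new_factor_from_unseen_ip:" + e["client"]["ipAddress"],
                                 e["published"]))
    return findings


if __name__ == "__main__":
    for finding in review_mfa_resets():
        print(*finding)
```

Run it over an export of the identity provider's system log plus the ticket table. Each finding names the user, the condition, and the agent, ticket, or timestamp to pull for the incident record; on the constructed data it flags the a.smith reset twice (weak verification, then a factor enrolled from an unseen address) and the c.lee reset once (no ticket), and stays silent on b.jones.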
A clear protocol for when something feels wrong
The help desk agent who suspects a call is fraudulent too often has no script for what happens next. They need one: who to escalate to, how to end the call without tipping off the attacker, how to document and report it immediately. Mandiant's M-Trends 2026 data shows that the time between initial access and handoff to a secondary threat group has collapsed to 22 seconds in some cases. The window between a suspicious call and a full credential compromise can be minutes. Knowing what to do after recognizing an attack matters as much as recognizing it.
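Taken together, the four reflexes above are a decision procedure, and writing it down as one is a useful way to turn them into a tier-one runbook: structural signals are scored independently of how the caller sounds, a callback only counts if it went to the directory number, MFA reset and device enrollment require a stronger verification tier than a password reset, and anything that falls short lands in a trained queue with an audit record that names the verification method. The Python below is an added example, not the article's or Frame's code; the request types, verification tiers, signal names, and the two-entry directory are assumptions, and a real deployment would take the number of record from the HR system rather than a dictionary.

```python
"""
Help desk request triage: the four reflexes as one decision function with an
audit record. Added example, not code from the original article or from Frame.
Request types, verification tiers, signal names and the directory are assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional

PRIVILEGED = {"mfa_reset", "device_enrollment"}          # these undo the MFA control itself
STRUCTURAL_SIGNALS = {"urgency", "authority", "skip_verification"}
# Strength of each verification method. Anything an attacker can learn from
# LinkedIn or a press release is tier 1; out-of-band contact is tier 2 or 3.
TIER = {"none": 0, "employee_id": 1, "manager_name": 1,
        "callback": 2, "manager_confirmed": 3, "video_or_in_person": 3}
DIRECTORY = {"e1001": "+1-555-0100", "e1002": "+1-555-0101"}  # constructed HR directory


@dataclass
class Request:
    ticket_id: str
    employee_id: str
    request_type: str                 # password_reset | unlock | mfa_reset | device_enrollment
    caller_number: str                # where the caller says they can be reached
    signals: set = field(default_factory=set)    # observed subset of STRUCTURAL_SIGNALS
    verification: str = "none"        # strongest verification actually completed
    callback_number: Optional[str] = None        # number the agent actually dialed, if any


def effective_tier(req, on_record):
    """A callback only counts if it went to the directory number, never to the caller's."""
    if req.verification == "callback" and req.callback_number != on_record:
        return 0
    return TIER.get(req.verification, 0)


def triage(req):
    """Decide proceed / callback_required / escalate / deny and build the audit record."""
    reasons = []
    on_record = DIRECTORY.get(req.employee_id)
    if on_record is None:
        decision = "deny"
        reasons.append("employee not in directory")
    else:
        # Reflex 1: structure, not voice. Two of the three signals together is the flag.
        hits = sorted(req.signals & STRUCTURAL_SIGNALS)
        flagged = len(hits) >= 2
        if flagged:
            reasons.append("structural pattern: " + "+".join(hits))
        # Reflex 3: MFA reset and device enrollment are privileged changes.
        needed = 3 if req.request_type in PRIVILEGED else 2
        have = effective_tier(req, on_record)
        if req.verification == "callback" and have == 0:
            reasons.append(f"callback went to {req.callback_number}; directory has {on_record}")
        if have >= needed:
            decision = "proceed"
        elif flagged:
            # Reflex 4: pattern plus insufficient verification goes to the trained queue.
            decision = "escalate"
        elif have < 2:
            # Reflex 2: out-of-band verification is the default, before anything else.
            decision = "callback_required"
            reasons.append(f"call {on_record} from the directory before acting")
        else:
            decision = "escalate"  # privileged request, callback done, still needs tier 3
            reasons.append("privileged change cannot be approved at tier one")
    # Every request is logged with the verification method, including refusals.
    return {
        "ticket_id": req.ticket_id, "employee_id": req.employee_id,
        "request_type": req.request_type, "decision": decision,
        "verification_method": req.verification, "callback_number": req.callback_number,
        "caller_number": req.caller_number, "reasons": reasons,
    }


if __name__ == "__main__":
    # The MGM-style call: MFA reset, urgent, "my manager told me to call", employee ID only.
    attacker = Request("INC0001", "e1001", "mfa_reset", "+1-555-0199",
                       {"urgency", "authority", "skip_verification"}, "employee_id")
    print(triage(attacker))
```

The ordering is the point. Verification strength is checked first, so a call that feels suspicious but was verified through a directory callback and a manager still proceeds, while a privileged change is never approved at tier one on identity details an attacker can read off LinkedIn, and a callback to whatever number the caller supplied is scored as if no verification happened at all.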
Why generic security awareness training has no answer for this
Most security awareness programs are built around a single channel: email. The simulations test click rates on suspicious links. The modules explain how to identify phishing indicators in a header. The metrics report on who completed the annual training.
None of that prepares a help desk agent for a vishing call. Not partially. Not as a foundation. The threat model, the channel, the psychology, and the required response are all different.
Mandiant's M-Trends 2026 specifically calls out the need to train IT help desk staff on live, voice-based social engineering – treating it as a distinct requirement from email phishing training, not a subcategory of it.
Generic security awareness training (SAT) platforms have no mechanism to build that muscle. They don't simulate calls. They don't reflect your org's actual ticket workflows, your identity provider, your verification procedures, or the specific pretexts an attacker who has spent time on your LinkedIn would use. A module on vishing is not a simulation. A simulation built on a fictional company's workflows is not preparation for a call targeting yours.
A simulation built around a fictional company prepares your team for nothing
A vishing simulation for your IT help desk is not a generic suspicious-caller script read by an actor. It is a scenario built around the specific context of your organization – because that is exactly what the attacker builds.
Frame's Phishing Simulator generates help desk vishing simulations built around your actual environment: your real employee names and roles, your identity provider and ticketing system (whether that's Okta, Microsoft Entra, or ServiceNow), your actual MFA setup and reset workflows, your internal terminology. The simulation your agent receives sounds like a call about your systems, using your language, referencing your processes. Not a placeholder company. Yours.
When Scattered Spider pivots to targeting your industry, as it did from casinos to retail to insurance to airlines between 2023 and 2025, your help desk team can be running a simulation built around that exact pretext the same day the threat becomes relevant. Not when the next content update ships.
And when an agent fails – accepts the call, resets the credentials, enrolls the new device – Frame's Content Studio generates their next training automatically around exactly what fooled them. The failure becomes the curriculum. They practice the specific scenario they couldn't handle, built around the real workflows they will face again, until the reflex is there.
The attacker who calls your help desk has already practiced this. They have run this script across hundreds of organizations. The only question is whether the agent who answers has practiced it too.
TL;DR
- The MGM breach started with a ten-minute vishing call to the IT help desk – LinkedIn reconnaissance, employee impersonation, credential reset, $100 million in damages
- Scattered Spider used the identical playbook against Marks & Spencer, Co-op, Harrods, and US insurers and airlines through 2025 – the same attack, new targets, every time
- Voice phishing is now the #2 initial infection vector globally and the #1 vector in cloud environments, per M-Trends 2026
- Help desk agents are not failing because they are careless – they are failing because they have never practiced this scenario under real-time pressure
- The four reflexes help desk staff need: structural pattern recognition, out-of-band verification as default, specific handling for MFA reset requests, and a clear protocol for suspected calls
- Generic SAT programs simulate email – they do not simulate calls built around your org's actual identity provider, ticket system, and verification workflows
- Frame generates help desk vishing simulations built around your actual environment – your tools, your workflows, your branding – in minutes, with post-failure training that turns every failure into a closed loop
Book a demo and see how Frame builds help desk vishing simulations around your actual organization – same day a new threat becomes relevant.


