It started with a phone call.

Somewhere in the Hong Kong office of global engineering firm Arup, a finance worker picked up a message from what appeared to be the company’s CFO in London. The email looked right. The email address looked right. The subject line referenced a “confidential transaction,” urgent but not unusual for someone at that level.

The worker was skeptical. A potentially suspicious email about secret wire transfers was exactly the kind of thing IT security training had warned about. So he did the sensible thing: he asked for verification. He joined a video call with the CFO and several senior colleagues.

The faces on that call were familiar. The voices were familiar. The conversation was professional and convincing. By the end of it, the worker had been walked through fifteen separate wire transfers totaling $25.6 million to five Hong Kong bank accounts.

Every person on that video call was a deepfake.

“None of our systems were compromised and there was no data affected. People were deceived into believing they were carrying out genuine transactions.” Rob Greig, Chief Information Officer, Arup

Arup’s CIO later described what happened as “technology-enhanced social engineering.” Not a cyberattack in the traditional sense. No malware. No compromised credentials. No breached firewall. Just AI-generated faces and voices, weaponized against the most fundamental thing enterprise security has always relied on: the human instinct to trust what you can see and hear.

That instinct is now a liability. And your IT help desk is the place where it gets exploited most.

 

The Help Desk: Your Most Targeted Identity Checkpoint

Ask most CISOs where they’re most vulnerable to social engineering and they’ll talk about email phishing, SIM swapping, or CEO fraud. Far fewer think to mention the IT help desk. That’s exactly why attackers love it.

The help desk exists to be helpful. Its agents are trained to resolve issues quickly, to show empathy, and to err on the side of enabling the employee rather than obstructing them. Those are good instincts for a support function. They are catastrophic instincts when the person on the other end of the line is an attacker.

When Scattered Spider, the English-speaking cybercriminal collective responsible for breaching MGM Resorts, Caesars Entertainment, Marks & Spencer, Harrods, and dozens of other major enterprises, needs a foothold inside an organization, they frequently start with a single phone call to the help desk. They impersonate an employee. They have the right name, the right employee ID, the right backstory, and sometimes even the right voice, cloned from a LinkedIn video or a recorded company all-hands. They ask for a password reset or an MFA bypass.

They get it.

1 in 127

Retail contact center calls flagged as fraudulent. Pindrop, 2025 Voice Intelligence & Security Report

That ratio (one in 127 calls fraudulent) comes from Pindrop’s analysis of over 1.2 billion contact center calls. And it’s the average. In insurance, synthetic voice fraud surged 475% in a single year. The number isn’t a warning of what’s coming. It’s a description of what’s already happening, right now, on the phones your help desk agents are picking up today.

 

The Technology That Broke the Old Playbook

For years, the informal authentication model at most help desks looked like this: the agent asks for an employee ID, maybe a mother’s maiden name or last four digits of a social security number, listens to see if the caller sounds legitimate, and then either resolves the issue or escalates.

That model assumed the attacker would sound wrong. Foreign accent. Robotic cadence. Hesitation when asked a verification question. Something to tip off a trained agent.

That assumption is gone.

 

Voice Cloning: Three Seconds Is All It Takes

Modern AI voice synthesis tools can generate a convincing voice clone from as little as three seconds of audio. A public LinkedIn video. A recorded earnings call. A company webinar. A YouTube interview. Any of these give an attacker enough material to produce a replica of a specific person’s voice, complete with natural intonation, rhythm, pauses, and emotional warmth.

Researchers at the University at Buffalo who study deepfake detection wrote in late 2025 that voice cloning has crossed what they call the “indistinguishable threshold”: the point at which synthetic voices can no longer be reliably told apart from real ones by human listeners. Some major retailers are already reporting over 1,000 AI-generated scam calls per day.

Seventy percent of people surveyed say they aren’t confident they could distinguish a real voice from a cloned one. The other thirty percent are almost certainly overconfident.

 

Real-Time Deepfakes: Beyond Pre-Recorded Attacks

The Arup incident used pre-rendered deepfake video: sophisticated, but still a static artifact. The next generation of attacks doesn’t rely on pre-recording at all.

Real-time deepfake tools now allow an attacker to appear on a video call as someone else, live, reacting naturally to questions and conversation. The face adapts. The voice adapts. The attacker can answer follow-up questions, make eye contact, laugh at a joke. Researchers describe the frontier as moving from “this resembles person X” to “this behaves like person X over time.”

The Arup case wasn’t a cyberattack. No systems were compromised. No passwords were stolen. The attackers never touched a single firewall. They made a phone call, then a video call, and walked away with $25 million.

Why “Just Train Your Agents” Isn’t an Answer

The instinctive response to this threat is more awareness training. Teach agents to be skeptical. Drill them on social engineering scenarios. Post reminders near their workstations.

It won’t work. Not because the agents aren’t smart or diligent. They are. It won’t work because it asks humans to reliably perform a task that humans are fundamentally not equipped to perform.

Consider what a help desk agent is actually being asked to do: in the middle of a high-volume shift, under KPI pressure to resolve calls quickly, with a caller who sounds exactly like an authenticated employee, the agent is supposed to spontaneously decide that this particular call, out of the dozens they’ve handled today, is from an AI voice clone. And then act on that suspicion, potentially frustrating a legitimate employee who genuinely needs help.

Humans are social creatures wired for trust. We’ve evolved over millennia to extend good faith to people who look and sound familiar. Scattered Spider understands this better than most security teams. Their entire model is built on exploiting human trust rather than defeating technical systems.

680%

Rise in deepfake voice activity year-over-year in 2024. Pindrop

The attack surface keeps expanding. Every company podcast, conference presentation, earnings call, and recorded all-hands creates raw material for voice cloning. Every LinkedIn profile photo creates raw material for video deepfakes. Reducing the attacker’s input data is not a viable defense strategy.

The only viable strategy is to remove the human judgment call from the equation entirely.

 

The Defense That Actually Works: Verify Identity, Not Voice

The problem with voice-based verification (whether it’s “does this person know their employee ID?” or “does this person sound right?”) is that it tries to authenticate the communication channel rather than the identity itself.

A deepfake can defeat channel-based authentication because the channel is what it’s spoofing. The voice sounds right because it was engineered to sound right. The face looks right because it was rendered to look right. No amount of agent training changes the fundamental vulnerability.

The answer is to move verification out of the communication channel and into an independent system that the attacker cannot spoof by controlling the audio or video on a call.

This is what modern identity verification for IT help desks looks like in practice:

 

  • Out-of-band identity challenges pushed to the employee’s enrolled, verified device, not delivered through the same channel as the call
  • Biometric verification tied to a specific device and identity, requiring the actual enrolled person to authenticate, not just someone who knows their employee ID
  • Phishing-resistant MFA that cannot be bypassed by an attacker controlling the voice or video on a call, even if they have every piece of knowledge-based authentication information
  • Zero-trust reset workflows that treat every account recovery and MFA reset as a high-risk transaction requiring independent verification

The goal isn’t to make agents better at spotting fakes. The goal is to build a system where a successful deepfake impersonation on a call can’t result in an account takeover, because the verification doesn’t happen on the call.

Applied to the Arup scenario: even if the deepfake video call had been completely convincing, a verification system requiring an independent challenge sent to the actual CFO’s enrolled device would have stopped the fraud before a single wire transfer was authorized. The deepfake would have been irrelevant.

Applied to your help desk: even if a Scattered Spider operative perfectly impersonates one of your employees, an out-of-band identity challenge to that employee’s registered device forces the attacker to also have physical access to that device. Social engineering alone is no longer enough.
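A sketch of the reset gate described above, added here as an illustration and not taken from any product or from the sources cited on this page. It assumes a hypothetical enrollment store and uses an HMAC over a per-device secret as a stand-in for a device-bound signing key; every function and field name is invented for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed enrollment store: user -> secret provisioned to that user's enrolled device.
# HMAC stands in for a device-bound signing key; all names here are hypothetical.
ENROLLED_DEVICES = {"j.doe": secrets.token_bytes(32)}
CHALLENGE_TTL = 120  # seconds a challenge stays valid
_pending = {}        # ticket_id -> (user, action, nonce, expires_at)


def issue_challenge(ticket_id, user, action, now=None):
    """Help desk tool creates a challenge bound to this ticket, user and action."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    _pending[ticket_id] = (user, action, nonce, now + CHALLENGE_TTL)
    return nonce  # pushed to the enrolled device, never read out on the call


def device_respond(device_secret, ticket_id, user, action, nonce):
    """Runs on the enrolled device after the owner approves (e.g. with a biometric)."""
    msg = f"{ticket_id}|{user}|{action}|{nonce}".encode()
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()


def authorize_reset(ticket_id, user, action, response, caller_passed_kba=False, now=None):
    """Gate for the reset. caller_passed_kba is accepted but deliberately ignored."""
    now = time.time() if now is None else now
    pending = _pending.pop(ticket_id, None)  # single use: a replay finds nothing
    if pending is None or user not in ENROLLED_DEVICES:
        return False
    p_user, p_action, nonce, expires_at = pending
    if (p_user, p_action) != (user, action) or now > expires_at:
        return False
    expected = device_respond(ENROLLED_DEVICES[user], ticket_id, user, action, nonce)
    return hmac.compare_digest(expected, response or "")
```

Nothing the agent hears or sees on the call is an input to `authorize_reset`: a caller who passes every knowledge-based question still gets `False` without a valid response from the enrolled device, and a captured response cannot be replayed or reused for a different action.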

 

What This Means for Your Organization Right Now

The velocity of this threat is worth sitting with for a moment. Deepfake fraud attempts grew 1,300% in a single year. Real-time voice synthesis is now accessible to anyone with an internet connection and a few dollars. The Fortune research on voice deepfakes was published in December 2025 with a stark headline: 2026 will be the year you get fooled by a deepfake.

This is not a future problem. It is a current problem that most help desks are not equipped to handle.

The questions worth asking about your organization today:

 

  • What does your help desk agent do today when someone calls to reset MFA on an executive account? How many independent verification steps are required, and can any of them be bypassed by someone who controls the audio of the call?
  • How does your account recovery process verify that the person requesting a password reset is the legitimate account holder, not just someone with access to their name, employee ID, and a voice clone?
  • What happens at 11pm on a Friday when coverage is minimal and an “executive” calls with an urgent access issue? Is the verification process the same as it would be on a Monday morning?
  • If a deepfake got past your agents today, how long would it take to detect it?

 

The Arup case ended with a $25 million loss, an ongoing police investigation, and a CIO making public statements about the increasing sophistication of bad actors. The discovery came only after the finance worker checked with the actual headquarters and learned that no such meeting had ever taken place.

The fraud was only discovered because the attacker eventually ran out of calls to make.

Modern identity verification doesn’t give attackers that opening. It closes the loop at the moment of the request, not after the damage is done.

 

The Bottom Line

Your help desk agents are doing their jobs exactly as they’ve been trained to do them. They’re answering calls, verifying what they can, and trying to be helpful. They are not failing: the verification systems they’ve been given to work with are failing them.

The threat has changed. A caller who sounds exactly like your CFO, who knows exactly the right details, who appears on video in a meeting with other familiar faces: that is not a scenario any amount of awareness training reliably catches. That is a scenario that requires verification to happen at a level the attacker cannot reach through voice and video alone.

That’s what phishing-resistant identity verification for the IT help desk is designed to do. Not to teach agents to be more suspicious. To make their suspicion irrelevant.

 

Sources: Pindrop 2025 Voice Intelligence & Security Report · Arup / CNN / World Economic Forum (2024–2025) · Fortune / University at Buffalo deepfake research (December 2025) · CISA Scattered Spider Advisory AA23-320A (updated July 2025) · Keepnet Labs Deepfake Statistics 2026
