Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

Recent attacks by Scattered Spider on UK retailers highlight the dangers of help desk scams used to bypass MFA and gain account control. Their tactics include social engineering, vishing, and sophisticated MFA-bypass tools, which underscores the need for stronger help desk security measures.

Key points

  • Help desk scams involve impersonating users to reset credentials and MFA.
  • Attackers target high-privilege accounts to facilitate data theft and ransomware deployment.
  • Scattered Spider has been using these techniques since 2022, with increasing severity.
  • Methods such as vishing, SIM swapping, and AiTM phishing kits are part of their toolkit.
  • Organizations should implement multi-party approvals and verification to resist these attacks.

Read More: https://thehackernews.com/2025/06/scattered-spider-understanding-help.html