Artificial intelligence (AI) has become a powerful tool in the hands of attackers, enabling them to launch sophisticated social engineering campaigns that target service desks. According to IBM’s 2025 Cost of a Data Breach Report, 16% of breaches involved attackers using AI tools, with phishing and deepfake impersonation attacks being the most common methods.
In this article, we will explore three ways AI is powering service desk attacks and provide guidance on how to prevent them.
Impersonation Made Easier by AI
Impersonation has long been a risk at the service desk, but AI makes it even harder for agents to judge whether a request is genuine. Attackers can use generative AI to create polished emails, convincing chat messages, and realistic call scripts in seconds. In targeted attacks, they can also use AI-generated voice or video to impersonate an employee.
Onboarding is especially exposed as new employees are not always known to IT teams, and first-day access issues are expected. An attacker posing as a new hire can use AI to sound credible, reference the right department, and create just enough urgency to push a request through.
Accelerating Reconnaissance and Personalization with AI
More personal information is available on the internet than ever before, and AI helps threat actors find it. When defending against onboarding attacks, this is a real concern. Organizations often share more than they realize. A welcome post might name a new employee, or a job advert might mention the systems the company uses.
Threat actors can pull this information, then use AI to scrape more from LinkedIn, company websites, job posts, press releases, and social media. They can then turn those details into a believable story. Names, roles, locations, departments, internal tools, and reporting lines can all be worked into a script that sounds credible.
Scaling Service Desk Attacks with AI
An attacker no longer needs to create a social engineering campaign from scratch. They can use AI to create dozens of phishing email variations, test different pretexts, and adapt their wording to tailor their efforts. This creates a problem for service desks because they are built to respond quickly.
Attackers know this, so they use urgency and persistence to make a malicious request feel like another routine task in a busy queue. AI makes it easier for attackers to adjust their approach, and they can try the same basic request across multiple channels or agents until someone approves the reset, releases the credential, or changes the recovery method.
Preventing AI-Enabled Service Desk Attacks
AI-enabled attacks are designed to look normal, so prevention cannot rely on service desk agents making perfect judgment calls under pressure. It’s here that specialized solutions can help secure an especially high-risk process the service desk deals with: onboarding.
Specops Secure Onboarding helps secure onboarding end-to-end and beyond, ensuring agents have the tools they need to confidently verify identity and protect new credentials from interception.
Securing Password Delivery During Onboarding
A new starter needs credentials quickly, but sending a password via SMS or email creates risk if it’s intercepted. A safer approach is to not send credentials at all. Specops Secure Onboarding instead allows the IT team to send secure enrollment links to new hires, with instructions explaining how to create their own strong passwords.
Using Biometric Liveness Detection to Defeat Impersonation
Traditional identity checks are becoming less reliable; for instance, the answers to security questions can often be guessed from information an attacker can source from social media profiles. Especially in instances where the service desk may not be familiar with the employee, such as a new starter on their first day, agents need confidence that the person requesting access isn’t an attacker impersonating a genuine employee.
Biometric liveness detection, delivered through solutions like Specops Secure Onboarding, can help by confirming that a real person is present during verification, rather than a static image, recording, mask, or deepfake.
Verifying Identity Before Sensitive Service Desk Actions
Sensitive actions need stronger identity verification before they are approved. This includes verifying the identity of new employees before granting them access to sensitive systems or data.
In conclusion, AI-powered attacks are increasingly targeting service desks, making it harder for agents to identify genuine requests. By understanding how AI is powering these attacks and implementing specialized solutions like Specops Secure Onboarding, organizations can prevent these types of attacks and protect their sensitive data.
Source: Original article