June 16, 2026

How Can Employees Avoid Help Desk Impersonation Scams?

Learn how cybercriminals impersonate IT support to steal credentials and how employees can spot and avoid help desk hijacking scams.

Employees can avoid help desk impersonation scams by verifying IT support requests through official channels, refusing to install software from unsolicited messages, and reporting suspicious communications immediately. Cybercriminals often create fake technical problems—such as flooding inboxes with spam emails—to cause confusion and then pose as IT personnel to steal credentials or install malware. Verification and caution are the most effective defenses.

How the Help Desk Hijacking Scam Works

  1. Cybercriminals send hundreds of junk emails to a target's inbox.
  2. The volume of messages creates urgency and confusion.
  3. The attacker contacts the employee through Microsoft Teams, email, phone, or another communication platform.
  4. The attacker claims to be from the organization's IT department and offers assistance.
  5. The employee is directed to install a "Mailbox Repair Utility" or similar tool.
  6. The employee is asked to enter company login credentials.
  7. The attacker captures usernames and passwords and may install malware on the device.

Warning Signs of a Fake IT Support Request

  • Unsolicited messages claiming to be from IT support
  • Urgent requests to install software immediately
  • Requests for usernames, passwords, or multifactor authentication codes
  • Links to unfamiliar websites
  • Unexpected Teams, email, or phone contacts offering technical assistance
  • Pressure to act quickly without verification

Steps Employees Should Take

  • Contact the IT department directly using approved company contact methods.
  • Verify support requests through official help desk channels.
  • Never enter credentials into websites provided through unsolicited messages.
  • Avoid downloading or installing software from unexpected sources.
  • Report suspicious emails, Teams messages, and links to IT security teams immediately.
  • Pause and verify before taking action when experiencing technical issues.

Potential Business Impact

RiskImpactCredential TheftUnauthorized access to company systemsMalware InstallationDevice compromise and network infectionAccount TakeoverLoss of access to business applicationsData ExposurePotential disclosure of sensitive informationOperational DisruptionDowntime and reduced employee productivity

Bottom Line

Organizations reduce the risk of help desk impersonation attacks by training employees to verify IT requests through trusted channels and report suspicious activity immediately.