Fake IT Helpdesk? Don’t Fall for It
Threat group UNC6692 is conducting phishing campaigns by impersonating IT helpdesk staff. Attackers use convincing social engineering techniques, including emails and calls, to trick victims into revealing credentials or installing remote access tools. The campaign targets organisations globally and leverages trust in internal IT teams. Researchers warn that such attacks are highly effective due to their human-centric approach and recommend strengthening user awareness and verification processes.
A threat group known as UNC6692 is taking social engineering to new heights—posing as your friendly IT helpdesk.
The tactic is simple but effective: send emails or make calls pretending to be IT support, then convince users to hand over credentials or install software. It’s the digital equivalent of someone wearing a high-vis vest and walking straight into a building.
And it works.
People trust IT teams, especially when something “urgent” needs fixing. Attackers are exploiting that trust with alarming success.
🧠 Why This Works
• Urgency + authority = compliance
• Users often don’t question internal requests
🛠️ How to Defend
• Train staff to verify requests
• Implement MFA everywhere
• Restrict remote access tools
Remember: real IT teams don’t ask for passwords over email.