🟡 Medium  | Source: The Register — Security
Dutch police have arrested six individuals, including a 15-year-old, suspected of running a helpdesk fraud operation that combined phone-based social engineering with in-person house visits to convince victims their bank accounts were compromised. By physically attending victims’ homes, fraudsters added a veneer of legitimacy to their scams, making it easier to extract banking credentials or cash. The case highlights an escalating tactic where cybercriminals blur the line between online fraud and physical deception.
Security Architect’s Take: Ensure your organisation’s security awareness training explicitly covers hybrid social engineering attacks — brief employees and contractors that legitimate IT or bank helpdesks will never make unannounced home visits, and reinforce out-of-band verification procedures for any unsolicited contact claiming to be from internal support or financial institutions.
Original advisory: Helpdesk scammers are making house calls to make their lies feel more real