There’s been a noticeable rise in attackers abusing “forgot password” workflows against support teams
Instead of targeting the victim directly, attackers contact customer support pretending to be locked out users. They use leaked personal data to sound convincing and pressure agents into bypassing normal recovery steps. In some incidents, the technical defenses were solid, but the support process became the weakest point. These cases are difficult to investigate because the access technically followed approved procedures. It’s becoming clear that social engineering defenses need to include internal staff just as much as end users.
u/ImaginationFair9201 — 8 days ago