The New Help Desk Scam: Why One Phone Call Can Put Your Cloud Apps at Risk
Small businesses have spent years training employees not to click suspicious links. That still matters, but attackers are now leaning harder on something more personal: the phone.
Recent reporting from Google Threat Intelligence and others has highlighted voice phishing, often called “vishing,” where attackers call employees while pretending to be IT support, a vendor, or a help desk representative. The goal is simple: convince someone to approve a login, share a code, reset multi-factor authentication, or connect a cloud app that should never have been approved.
For a small business, that one call can open the door to Microsoft 365, Salesforce, SharePoint, Slack, Google Drive, DocuSign, or other business systems.
These scams work because they sound normal. An employee may hear something like:
The caller may know the company name, employee name, vendor names, or even internal-sounding language. That makes the request feel believable.
The risk is not only that a password gets stolen. In many modern attacks, criminals are trying to steal access tokens, register their own device, or trick a user into approving access to a cloud app. That can let them enter business systems without needing the employee’s password again.
Many Orlando-area small businesses use cloud tools every day for customer records, invoices, files, email, schedules, and internal communication. If one employee account is taken over, the attacker may be able to:
The business impact can be serious: lost trust, payment fraud, downtime, legal stress, and expensive cleanup.
Start with simple staff rules. Employees should know that real IT support will not pressure them to approve a surprise login, share a code, or bypass normal procedures.
Create a callback process. If someone receives an unexpected IT or vendor call, they should hang up and call back using a trusted number already on file.
Review multi-factor authentication settings. Push approvals and SMS codes are better than passwords alone, but phishing-resistant options such as security keys or passkeys offer stronger protection for higher-risk accounts.
Audit cloud app permissions. Many businesses do not regularly check which outside apps have access to Microsoft 365, Salesforce, Google Workspace, or other systems.
Monitor suspicious sign-ins. Look for unusual locations, new devices, odd login times, and unexpected app authorizations.
Limit access by role. Not every employee needs access to every file, mailbox, customer record, or admin tool.
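The sign-in and app-authorization checks above can be shown as a small Python example. It is added here for illustration and is not from the original article. The events, users, devices, app names and field names are constructed and hypothetical; they do not follow any vendor's log format.

```python
from datetime import datetime

# Constructed baseline per user (hypothetical field names, not a vendor schema).
BASELINE = {
    "dana@example.com": {
        "countries": {"US"},
        "devices": {"LAPTOP-DANA"},
        "hours": range(7, 19),          # normal local working hours, 07:00-18:59
        "apps": {"Outlook", "Teams"},   # apps already approved for this user
    },
}

# Constructed sample events: sign-ins and app consent grants.
EVENTS = [
    {"id": 1, "user": "dana@example.com", "type": "signin",
     "time": "2025-03-03T09:12:00", "country": "US", "device": "LAPTOP-DANA"},
    {"id": 2, "user": "dana@example.com", "type": "signin",
     "time": "2025-03-03T02:47:00", "country": "US", "device": "DESKTOP-NEW01"},
    {"id": 3, "user": "dana@example.com", "type": "app_consent",
     "time": "2025-03-03T02:51:00", "country": "NL", "device": "DESKTOP-NEW01",
     "app": "Data Export Tool"},
    {"id": 4, "user": "temp@example.com", "type": "signin",
     "time": "2025-03-03T10:00:00", "country": "US", "device": "KIOSK-1"},
]

def review(event, baseline=BASELINE):
    """Return the list of reasons an event deserves a second look."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no baseline for user"]   # unknown account: review by hand
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("unusual location")
    if event["device"] not in profile["devices"]:
        reasons.append("new device")
    if datetime.fromisoformat(event["time"]).hour not in profile["hours"]:
        reasons.append("odd login time")
    if event["type"] == "app_consent" and event["app"] not in profile["apps"]:
        reasons.append("unexpected app authorization")
    return reasons

def flagged(events=EVENTS):
    """Map event id -> reasons, keeping only events with at least one reason."""
    return {e["id"]: r for e in events if (r := review(e))}

if __name__ == "__main__":
    for event_id, reasons in flagged().items():
        print(event_id, ", ".join(reasons))
```

Event 3 is the pattern to escalate first: a new device, an unfamiliar location, an off-hours time, and an app authorization all within minutes of each other.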
The new help desk scam is dangerous because it feels like ordinary business communication. A calm, confident phone call can be just as risky as a malicious email.