Hardening Your Helpdesk? Don’t Forget This.

by
Nametag
North Korea Blog Post Header

What Unverified Identity Costs Enterprises Every Year

An industry-by-industry breakdown of what unverified identity costs enterprises every year.

IT support desks make identity decisions every day, each time someone asks to reset a password or regain access to an account. But agents have no way of knowing who's really making the request. As proxies for identity, they listen to the person's voice, check their employee ID number, and ask for their manager's name. All of these signals are now trivial to fake using AI. To combat modern impersonation, helpdesks need a new form of identity assurance.

Traditional trust signals can now be forged

Years ago, it took 30 minutes of recorded audio to convincingly clone someone’s voice. Today, it takes seconds. At a Federal Reserve conference in July 2025, OpenAI's Sam Altman told a room of bankers that AI has defeated voiceprint authentication, and that video is close behind. 

By the time Altman said it, that prediction had already come true.

In early 2024, a global engineering firm lost $25 million after a finance employee joined a video call with what looked and sounded like the company's CFO and several colleagues. Every participant except the employee was a deepfake. Interestingly, the attack opened with a phishing email the employee nearly caught. It was the deepfake video call that convinced him.

For enterprise helpdesks, an important part to understand about modern deepfakes is their range. The same models that clone a voice can write a clean, well-researched chat message, talk an AI agent into bypassing security measures, and produce a convincing forged ID on request.

Hardening one channel misses the point

Most helpdesks haven't meaningfully hardened any channel. The identity check behind a password reset is still a voice, a ticket, and a few facts an attacker can buy. And when teams do respond, the instinct is voice-first: train agents to spot signs of a synthetic voice, add a callback step, and tell people to trust their gut.

That response runs into two walls.

First, agents are being asked to win a contest of "human versus AI", even though research shows that people can't detect deepfakes but think they can. One meta-analysis of 56 studies found that human deepfake detection performance is no better than chance across audio, image, text, and video, while the underlying studies consistently report that people are overconfident in their judgments. 

Second, attackers aren't just targeting one channel. They're contacting you via chat, message, email, even via your AI support agent, often simultaneously. Harden one channel and attackers will just go elsewhere.

The surface worth defending is the moment a request can change something: a password, an MFA enrollment, or an access grant. Verify the human before that moment, no matter how the request comes in, and the channel stops deciding the outcome.

What it means to verify the human

To close the identity gap at their helpdesk, some IT teams have implemented enhanced security measures like sending a push notification to the employee’s authenticator app. But there is a critical difference between authenticating an account and verifying a human. An identity provider like Okta or Microsoft Entra ID can only confirm that valid credentials and a trusted device are in play, not who’s presenting them.

In other words, MFA answers which account is acting. It can’t tell you which person is involved. That's the gap Nametag is built to close.

Nametag verifies the real human behind high-risk support actions, directly inside your existing IT workflows and ITSM platform. When a request comes in, no matter through which channel, agents can send a verification request. Our Deepfake Defense™ identity assurance engine verifies them, and the agent sees a clear pass or fail result. No security questions.

No callback. No judgment call about whether a voice sounds right. Just verified identity assurance, delivered in seconds.

How your helpdesk stops being the way in

For years, the security industry has called people the weakest link. But that framing is unfair to a helpdesk agent whose job is to help quickly and keep the queue moving. Time and time again, IT support teams are expected to make high-stakes identity calls based on thin evidence and under time pressure, and attackers have learned to use this against you.

AI raises the stakes by making every impersonation more convincing, on every channel. Nametag changes the game again by delivering verified identity, on every channel. The helpdesk that used to be an attacker's easiest way in becomes a frontline security control the organization can count on.

If your helpdesk is rethinking how it proves identity, contact us today.

Secure your helpdesk against social engineering and impersonators.
Decline
Accept All Cookies