Social Engineering
Meets AI
How Attackers are Turning OSINT, Voice Deepfakes, and Helpdesk Impersonation
into the Fastest Path to Account Takeover
Friday, May 29, 2026, at 12PM ET
Live Virtual Session
THE NEXT CHAPTER
Last month, we walked through how attackers use OSINT to quietly build a picture of your team. The org chart. The network structure. The vendor relationships. The schedule.
All pulled from public sources, weeks before any contact happens.
This session is the next chapter. What attackers do with that intelligence once they have it.
THE TOOLKIT CHANGED
Social engineering has always been the most reliable way into a network. But what’s changed, thanks to AI, is the toolkit. Voice cloning is now a consumer-grade capability. Real-time face swap runs on a gaming GPU.
AI has dropped the time and cost of impersonation through the floor.
So, when an attacker calls your helpdesk now, they don’t have to bluff. They sound exactly like the executive whose account they want.
And they know the org because they analyzed your digital footprint.
Why This Matters for MSPs
Security stacks were largely built around three assumptions: the attacker has to break in, use malware, and bypass MFA. Email filtering, EDR, and conditional access all sit downstream of those assumptions.
This attacker doesn't fit any of them. They get the helpdesk to let them in. They don't use malware until well after they've already authenticated. And they don't bypass MFA. They get it reset, legitimately, by an employee whose job is to be helpful.
That exposure multiplies across every client you support.
One verification gap in your helpdesk procedure carries the same risk across your entire book of business. The controls that close it don't live in the inbox or on the endpoint.
They live at the helpdesk, in the procedure, and in the conversation between the technician and the caller.
What You’ll Walk Away With:
1. The Helpdesk Impersonation Attack Walkthrough
You’ll see exactly how the call goes. The recon, the pretext, the manufactured urgency, the verification bypass, the reset. Every decision point an attacker makes and every decision point your helpdesk has to get right.
You’ll also see a voice clone built from thirty seconds of public audio, and what it sounds like on a helpdesk call.
2. The Social Engineering Defense Stack
A four-layer framework you can take into your client’s environment and start using this week. People, procedure, technical controls, detection and response. Each layer named, each layer specific, each layer mapped to a real configuration or a real procedure.
You’ll know what to roll out, in what order, and which layer to start on this week.
3. The Client Conversation Translation
The two-sentence translation that defuses panic. The two-sentence reframe that overcomes dismissal. The method for positioning the Defense Stack as the response without making the conversation a vendor pitch.
Plus the cyber insurance angle that gets clients to take this seriously when nothing else does.
The Bottom Line
This is not a future-state problem.
- Forty-three percent of cybersecurity leaders surveyed by Gartner reported an audio call deepfake incident already.
- Thirty-seven percent reported a video call incident.
The attacks are happening now.
The controls that fix this are not new tools. They are written procedures, scoped roles, phishing-resistant MFA on the accounts that matter, and a helpdesk that does not reset MFA on the first call.
You either build the stack before the call, or you find out you didn’t have one when the call comes in.
