The New York State Department of Financial Services (DFS) last week warned all financial services companies of a new cybersecurity threat targeting information technology (IT) help desks and service centers. A letter dated September 27, 2024 stated, “DFS has seen evidence that threat actors are targeting IT help desks and call centers using, among other tactics, voice-altering technology in conjunction with information obtained on the internet about the identities of personnel to convince help desks to reset passwords and divert multi-factor authentication (MFA) to new devices.”
DFS urged all entities it regulates to alert help desk and service center staff to be diligent in authenticating the identities of anyone who requests changes to authentication factors. While most Big I New York members do not have help desks, many do use insurance carrier call centers. You may find that the call centers’ staff will take more steps to verify your identity when you contact them than they did before. This will likely be because of this new DFS alert. You should anticipate this when contacting them.