Why helpdesks are vulnerable
https://www.bleepingcomputer.com/news/security/how-to-attack-your-own-service-desk/
In 2020 cybercriminals launched a spear phishing attack against Twitter that successfully scammed victims out of $180,000 worth of Bitcoin.
The attacker used a phone-based social engineering scam against Twitter employees in order to gain access to privileged accounts. The perpetrator then used these accounts to access various celebrity accounts and sent tweets promising followers that if they donated Bitcoin, then they would receive double that amount in return as COVID relief.