
The MSP Security Gap
The number in the email
The scenario:
Your client's employee gets an email. A subscription they do not remember has renewed. $499 charged. Call this number to cancel.
There is no link to click and no attachment to open. Only a phone number.
How it unfolds:
They call to stop the charge. A calm agent answers, confirms the refund, and asks them to install a small support tool to process the refund.
The tool is remote-access software. The moment it runs, the agent is on the machine. They move money, read files, or leave a foothold behind for later.
There was no malicious link and no attachment, so the email passed every filter. The attack waited for the victim to dial in. The employee invited the attacker onto their own screen.
The warning signs:
An email about a charge or renewal you do not recognize, with a phone number and no link.
Pressure to call now to stop a payment.
A caller who asks you to install software or grant remote access.
A refund that needs you to log in to your bank while the caller watches.
Stop it:
Never call the number in an unexpected charge email. Check the account directly with the real provider.
Never install remote-access software at the request of an inbound or call-back contact.
Tell staff a real refund never needs them to log in while someone watches.
-
PS: The email and the call leave nothing for a filter to catch. The remote-access tool does. The moment it runs on a managed endpoint the process shows up, and catching it there is how we help.
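
The check the PS describes, sketched as an added example (not part of the original post and not any vendor's detection code): flag a remote-access tool that starts on a managed endpoint unless it is the one the MSP deploys, and raise the severity when a user launched it from a download location. The event fields, tool-name list, approved path and sample events are assumptions constructed for illustration.

```python
import ntpath  # parses Windows paths on any OS

# Illustrative, not exhaustive: lowercase file-name prefixes of remote-access tools.
REMOTE_TOOL_PREFIXES = ("anydesk", "teamviewer", "screenconnect", "rustdesk")
# Assumption: the single remote-access binary the MSP itself deploys (hypothetical path).
APPROVED_IMAGES = {r"c:\program files\examplemsp\screenconnect.clientservice.exe"}
# Directories a user can write to, where a freshly downloaded tool usually lands.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
# Parents that indicate the user started the binary by hand.
USER_LAUNCH_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "explorer.exe"}

# Constructed process-creation events (hosts, users and paths are made up).
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "WS-014", "image": r"C:\Program Files\ExampleMSP\ScreenConnect.ClientService.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"host": "WS-022", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-031", "image": r"C:\Program Files (x86)\TeamViewer\TeamViewer.exe",
     "parent": r"C:\Windows\System32\services.exe"},
]

def triage(event):
    """Return None for benign/approved processes, else 'high' or 'medium'."""
    image = event["image"].lower()
    if not ntpath.basename(image).startswith(REMOTE_TOOL_PREFIXES):
        return None                      # not a remote-access tool
    if image in APPROVED_IMAGES:
        return None                      # the MSP's own agent, expected
    parent = ntpath.basename(event["parent"].lower())
    user_dir = any(marker in image for marker in USER_WRITABLE_MARKERS)
    # A user running a just-downloaded tool matches the call-back scenario.
    if user_dir and parent in USER_LAUNCH_PARENTS:
        return "high"
    return "medium"                      # unapproved tool, installed some other way

def alerts(events):
    """List (host, executable, severity) for every event worth a look."""
    return [(e["host"], ntpath.basename(e["image"]), sev)
            for e in events if (sev := triage(e))]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_EVENTS):
        print(alert)
```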