Technician Verification via SMS

Social engineering attacks by bad actors at an MSPs clients are increasing. Bad actors are imitating the MSP / IT Service Provider attempting to gain access to a computer, server or network. CDK Networks was breached recently and they leveraged that breach to immitate the MSPs/Service Providers by calling on the dealerships in attempts to gain access to client computers and networks. 

The purpose for Technician verification is for the client of the IT company or service provider to verify the support company is legitimate before allowing access to their computer systems or providing sensitive information without verifying the caller. Typically, the systems available today provide a mechanism for the IT company verifying the end user calling in for IT support. This would be providing that same capability but in reverse.

The process could not be more simple. When you signup you receive a Verification Phone number. You simply provide this to all of your existing clients and let them know they can request a verification via SMS to it. 

  1. The user sends a #verify message to the number you have provided to them. 

  2. Each party is sent a randomly generated 6-digit code.

  3. The Technician provides the code to the end user and assigns the verification to the ticket in progress for tracking. 

  4. The end user types #confirm to the same number to confirm the verification was successful.

  5. The user receives back an automated message showing the verification was completed successfully. 

 

To test it out send #verify to the phone number you selected above in the first step from your mobile phone. You will receive back a code automatically. 

The technician will also get a copy of this code in his PSA portal or inside our MSP Process webapp. ConnectWise is shown below for reference. 

 

Once the technician reads the code back to the user, the user can type in #confirm and send to complete the confirmation process. 

 

To setup Technician Verification: 

First go to Verification Settings -> Select Verification Phone Number. If one is not already selected, please select one to use. This number will be used for both End User Verification and Technician Verification purposes. So your users will only need to use the one number and they will receive codes for end user verification over the same phone number.