What security exploit is this?

During a normal workday, you receive a call at your desk asking for information about a recently submitted help desk ticket. Two things are remarkable about this particular call; you notice that the call is coming from an outside line, and you don’t have any recent help desk tickets. What security exploit should you be concerned about?