THE Hacker News reports that the Scattered LAPSUS$ Hunters (SLH) cybercrime collective has been observed offering financial incentives to recruit women to carry out social engineering operations, specifically targeted at IT help desks for vishing campaigns. The group is said to pay between $500 and $1,000 upfront per call and provides pre-written scripts to enable the attacks.
According to Dataminr, SLH is diversifying its social engineering efforts by recruiting women to conduct these vishing campaigns, likely to increase the success rate of impersonations at help desks. The article also notes that SLH is a high-profile cybercrime supergroup comprising LAPSUS$, Scattered Spider, and ShinyHunters, with a history of bypassing MFA and using techniques such as MFA prompt bombing and SIM swapping.
It highlights how the recruitment drive aims to bypass traditional attacker profiles trained to recognise impersonation, thereby enhancing the effectiveness of their operations.