- SLSH is recruiting women to increase the effectiveness of social engineering in IT help desks
- Candidates are paid between $500 and $1,000 per call depending on success.
- Participants must answer screening questions and follow a set of scripted instructions.
The notorious hacker group Scattered Lapsus$ Hunters, also known as SLSH, is reportedly recruiting women to improve the effectiveness of its social engineering operations.
Telegram messages dated February 22 and collected by Dataminr indicate that the group offers payouts of between $500 and $1,000 per call, based on “success and success rate.”
Applicants are asked to contact the group’s “Support” account, answer screening questions and, if accepted, follow a prepared script during the calls.
Recruitment process and call structure
The aim appears to be to trick IT help desk staff into providing login credentials that can then be used to access corporate networks, consistent with the group’s known methods of manipulating internal support teams to reset passwords or bypass authentication procedures.
Experts who have monitored calls related to affiliated actors describe the techniques as structured and effective.
“This recruitment campaign represents a calculated evolution in SLH’s tactics,” said Jeanette Miller-Osborn, field cyber intelligence manager at Dataminr.
“By specifically seeking out female voices, the group likely aims to bypass “traditional” attacker profiles that IT help desk staff can be trained to identify, thereby increasing the effectiveness of their impersonation efforts.
The SLSH’s recent campaign follows previous public recruitment attempts conducted via Telegram.
In October 2025, the group offered $10 in Bitcoin to anyone willing to “endlessly harass” the leaders of the organizations it was trying to extort.
“You have permission to endlessly harass these leaders until they comply with our orders,” the message said, adding that the activity would be “centralized and well managed.”
Asked about participation levels, the group claimed it had “virtually contributed over $1,000 at this point”, although this figure could not be independently verified.
The move toward paid voice spoofing suggests a continued reliance on outsourced participants rather than tightly controlled internal operations.
This recruitment activity takes place in a context of sustained criminal pressure on major brands.
ShinyHunters claimed to have obtained 1.7 million CarGurus records and separately claimed Panera Bread as a victim of stolen credentials.
Ransomware attacks continued to rise in 2025, with gangs re-emerging under new names despite previous disruption efforts.
Miller-Osborn recommends that organizations educate their help desks about these evolving tactics and ensure that identities are verified through video calls or secondary internal confirmation.
Strengthening internal firewall rules and enforcing identity theft protection controls could help combat this threat.
Additionally, implementing strict malware removal procedures can reduce exposure if credentials are compromised.
Cyberscams continue to thrive despite global raids, and the commercialization of social engineering, with auditions and performance-based pay, shows that criminals rely more on human manipulation than technical intrusion.
Via The register
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
