Cybercriminals are hiring women for more authentic social engineering scams — and are promising up to $1,000 per call
Summary
The cybercriminal group SLSH is recruiting women to impersonate IT helpdesk staff, offering up to $1,000 per call. This scheme targets major companies, highlighting the evolving tactics in cybercrime.
Key Insights
What is vishing and how does it differ from other types of phishing attacks?
Vishing is voice phishing—a social engineering attack conducted over the phone rather than through email or websites. In the SLSH campaign, attackers use vishing to impersonate employees and contact IT help desks, convincing staff to reset passwords or install remote monitoring tools that grant attackers access to corporate networks. Unlike traditional phishing that relies on written deception, vishing exploits human psychology through direct conversation, making it particularly effective when attackers can establish rapport and credibility through voice.
Why specifically are cybercriminals recruiting women for these attacks, and how does this represent an evolution in their tactics?
SLSH is deliberately recruiting women because IT help desk staff are typically trained to recognize and be suspicious of 'traditional' attacker profiles, which are predominantly male. By using female voices, the group aims to bypass these trained expectations and increase the likelihood that help desk employees will trust the caller and comply with requests. According to Dataminr, this represents a calculated tactical evolution—the group is diversifying its social engineering pool to make impersonation attempts more convincing and effective, thereby improving their success rate in gaining unauthorized network access.