Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering

Steven

Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering

Summary

Prolific cybercrime group Scattered Lapsus$ Hunters (SLSH) has been advertising on Telegram for female recruits to carry out vishing calls targeting IT helpdesks, offering $500–$1,000 per call depending on success and hit rate. Applicants message the group’s ‘Support’ account, answer screening questions and, if accepted, are provided with scripts to use.

SLSH’s aim appears to be improving impersonation success by using female voices to bypass helpdesk training and expectations. Dataminr and other experts describe the move as a calculated evolution in tactics. It follows earlier crowdsourcing efforts by the group, including paying people small amounts in Bitcoin to harass executives as part of extortion campaigns.

Key Points

  • SLSH posted Telegram recruitment ads on 22 February offering $500–$1,000 per successful vishing call.
  • Prospective recruits contact a ‘Support’ account, complete a screening process and receive a script if accepted.
  • The campaign explicitly seeks female voices to increase the chance of deceiving IT helpdesk staff.
  • Experts warn this is a deliberate tactic to exploit bias and bypass typical verification cues.
  • Organisations should strengthen helpdesk identity checks — use video verification, callbacks to known numbers, and secondary internal authentication.
  • The recruitment is part of a broader trend of crowdsourced malicious activity and paid harassment previously seen from the group.

Context and relevance

This is pertinent for IT security teams, helpdesk managers and anyone responsible for account recovery or support processes. Social engineering remains one of the most effective attack vectors, and attackers are professionalising their approach by outsourcing and incentivising callers to improve success rates. The story highlights a clear need to update verification procedures and training to account for more convincing impersonations.

Why should I read this?

Look — if you run a helpdesk or care about security, this is one to take seriously. These crooks are spending real cash to sound more convincing. Read it, tighten your verification steps, and tell staff not to trust a voice on its own.

Source

Source: https://www.theregister.com/2026/02/26/scattered_lapsus_hunters_female_recruits/