SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

SLH Offers Financial Incentives for Vishing Attacks 🚨

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women for social engineering attacks. The aim is to hire them for voice phishing campaigns targeting IT help desks, as reported by Dataminr in a new threat brief.

The group is said to be offering between $500 and $1,000 upfront per call, along with pre-written scripts to facilitate the attacks. This recruitment drive represents a calculated evolution in SLH’s tactics, as they aim to bypass traditional attacker profiles that IT help desk staff may be trained to identify, thereby increasing the effectiveness of their impersonation efforts.

Key Insights:

• SLH is diversifying its social engineering pool by specifically recruiting women for vishing attacks.
• The group has a history of engaging in advanced social engineering attacks to sidestep multi-factor authentication (MFA).
• They utilize legitimate services and residential proxy networks to blend in and evade detection.

Organizations are advised to be on alert and train IT help desk personnel to watch out for pre-written scripts and polished voice impersonation. It’s crucial to enforce strict identity verification and harden MFA policies by moving away from SMS-based authentication.

To read the complete article see: Read full article