‘Impersonation as a service’ the next big thing in cybercrime

English speakers adept at social engineering are a hot commodity in the cybercrime job market.

According to threat detection and response firm ReliaQuest, English-language social engineering is among the most in-demand skill sets on underground forums, with the number of job advertisements mentioning this particular talent more than doubling between 2024 and 2025. The security shop tracked 4 of these types of job listings last year, compared to 10 as of July 2025.

For organizations looking to defend against digital intruders, this also indicates that English-language social engineering attacks are likely to become even more frequent as criminals learn from their peers’ successes.

Aaron Painter, CEO of identity security shop Nametag, calls this new-ish attack technique “impersonation-as-a-service.”

“It’s this SaaS business model,” he told The Register. “As a bad actor you can subscribe to get tools, training, coaching, scripts, exploits, everything in a box to go out and conduct your infiltration operation that often combine[s] these social engineering attacks with targeted ransomware, almost always with a financial motive.”

Painter points to Scattered Spider’s recent suspected collaboration with fellow cybercrime gang ShinyHunters as an example.

ShinyHunters, best known for last year’s high-profile attacks on Snowflake customers’ databases, Ticketmaster, and AT&T, has been on a digital break-in spree since June, when it began compromising dozens of companies’ Salesforce instances. 

These intrusions used social engineering to gain access to the organizations’ Salesforce credentials — typically a voice-phishing call intended to trick an employee into providing access — and suspected victims include fashion houses Dior and Chanel, jewelry retailer Pandora, insurance company Allianz, Google, and most recently Workday.

ShinyHunters is now using Scattered Spider’s “high-touch social engineering approach, potentially combined with coaching and tools from Scattered Spider,” Painter told The Register. “It’s allowed ShinyHunters to go beyond the opportunistic data theft into these more targeted, account-takeover attacks.”

In addition to criminals selling social engineering expertise and training to other criminals, advances in AI have made these types of scams more accessible and easier to pull off. 

“AI has given superpowers to bad actors, and Scattered Spider is a great example,” Painter said. 

Plus, according to ExtraHop head of technical marketing Jamie Moles, not only are criminals collaborating with AI and each other, they are also learning from government-backed cyber crews. This includes how to perform reconnaissance and get to know their victims — what software products they use, who the employees are, what the companies’ mission and values are — all before the attack. 

They’ve also learned how to evade security tool detection, escalate privileges, and move laterally across organizations. 

“It’s moved beyond adolescent pranks and hacktivism,” Moles told The Register. “It’s moved beyond just ransomware guys trying to extort organizations. The skills and the techniques used by the nation-state actors have propagated right across the criminal enterprise. They’re clearly all collaborating on various different underground forums and selling techniques and capabilities and services to each other. And it’s not going away.” ®
