Impersonation-as-a-Service: The Professionalization of Social Engineering in Cybercrime

August 22, 2025

Over the past year, cybercrime has undergone a notable transformation, shifting from opportunistic fraud and ransomware operations toward industrialized impersonation campaigns delivered as a service. Underground forums reveal a rising demand for English-language social engineering expertise, with job postings doubling between 2024 and mid-2025. This trend highlights not only the value attackers place on linguistic and cultural fluency but also the growing commoditization of human-targeted attack methods. Security researchers and industry leaders describe this new model as “impersonation-as-a-service”—a subscription-based ecosystem where threat actors can acquire toolkits, coaching, scripts, and even customized training to conduct sophisticated infiltration campaigns. Combined with AI-driven enhancements and techniques borrowed from state-backed operations, this service model enables even low-skilled actors to mount highly targeted account-takeover and ransomware attacks against global enterprises.

 The collaboration between ShinyHunters and Scattered Spider provides a live case study of this evolution, where professionalized social engineering has transformed cybercrime operations into systematic infiltration campaigns targeting high-value corporate environments worldwide.

The emergence of “impersonation-as-a-service” marks the next evolution in the cybercrime economy, reflecting the professionalization and commercialization of social engineering. According to ReliaQuest, underground forums show a clear surge in demand for English-language social engineering expertise: job advertisements mentioning this skill more than doubled between 2024 and mid-2025. This suggests that attackers increasingly view linguistic and cultural fluency as a differentiator in targeting Western organizations, and organizations should anticipate a corresponding rise in tailored phishing, vishing, and impersonation campaigns.

 Nametag’s CEO Aaron Painter describes this trend as a subscription-based SaaS model for cybercrime, where criminals can purchase toolkits, scripts, exploits, and even receive training and coaching to conduct infiltration operations. These offerings allow less technically sophisticated actors to deploy highly effective social engineering, often integrated with ransomware or account-takeover operations driven by financial motives.

 The ShinyHunters–Scattered Spider nexus exemplifies this shift. ShinyHunters, previously associated with mass data thefts (Snowflake, Ticketmaster, AT&T), has since June 2025 pivoted to more targeted intrusions, compromising dozens of Salesforce environments. High-profile suspected victims include Dior, Chanel, Pandora, Allianz, Google, and Workday. Investigators suggest that ShinyHunters has adopted Scattered Spider’s high-touch social engineering playbook, possibly enhanced with training and tools directly sourced from them. This collaboration has enabled ShinyHunters to move beyond opportunistic breaches into precision account takeovers, highlighting the increasing overlap between cybercrime groups and the modular services they buy and sell.

 The role of AI further amplifies this threat. Generative AI enhances impersonation capabilities, from realistic voice-phishing to customized lures, lowering entry barriers for less skilled attackers. At the same time, threat actors borrow tactics from state-sponsored operators, integrating reconnaissance, employee profiling, lateral movement, and stealthy privilege escalation into their tradecraft.

 Experts stress that cybercrime has effectively absorbed nation-state-level capabilities, spreading them across criminal ecosystems where they are commoditized on underground markets. The result is a landscape in which attackers no longer operate as isolated gangs but as a connected economy of service providers, collaborators, and tool developers.

 The rise of impersonation-as-a-service illustrates how human vulnerability is being industrialized: attackers are no longer improvising social engineering, but systematically refining and scaling it as a professionalized service, backed by AI, coaching, and shared tradecraft. This convergence of crimeware-as-a-service, social engineering specialization, and cross-group collaboration points to a sustained escalation in both the sophistication and frequency of targeted attacks.