English-speaking social engineers are now among the most in-demand recruits on cybercriminal forums, with job ads more than doubling between 2024 and mid-2025, according to ReliaQuest.
Often described as “impersonation-as-a-service”, criminals can now subscribe to training, scripts, and tools that make it easier to trick employees into handing over access. Groups such as Scattered Spider and ShinyHunters have used these techniques to launch targeted account-takeover attacks, including recent breaches of Salesforce accounts at firms like Dior, Chanel, Allianz, and Google.
Experts say English remains the priority because it allows attackers to convincingly impersonate staff at global companies, giving them a clear advantage over automated phishing or generic malware.
For organisations, the best defence lies in strong identity controls and staff training. Multi-factor authentication, strict verification procedures, and regular awareness exercises can help stop employees being manipulated into giving away access.