Teenage hackers recruited through fake job ads

At first glance, job ads seem completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment is made in cryptography. But these are not tutoring jobs or customer service roles. They are recruiting ads for ransomware operations.

And many of the people who respond are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. They all promise big payouts for “successful calls.”

What they leave aside is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem has a familiar name. It is often referred to by insiders as “The Com”, short for “The Community”.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

How The Com operates behind the scenes

The Com is not a single organized gang. It works as a flexible network of groups that periodically change names and members. Known branches linked to this ecosystem include Scattered Spider, Lapsus$, brighthunters and related dissident crews. Some groups focus on data theft. Others specialize in phishing either extortion. Collaboration occurs when it benefits the operation.

As of 2022, these networks have targeted over 100 major companies in the US and UK. Victims include well-known brands in retail, telecommunications, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of the affected companies exceeds $1 trillion.

Adolescents tend to assume the riskiest roles within these schemes. Phone calls, entrance tests, and social engineering scripts often fall to younger participants. More experienced criminals remain in the background, limiting their exposure.

That structure reflects what identity and fraud experts see across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract.

“A job feels structured, normal and safe, even when the actual behavior being requested is quite the opposite,” Amper said. “A job offer involves a real process: a role, a manager, training, and a paycheck. That’s exactly why it works. It reduces skepticism and makes risky applications feel like a normal onboarding.”

Amper points out that what has changed is not just the scale of recruitment, but also how criminals package it. “Serious crime is now sold as ‘job’.”

Why teenagers excel at social engineering attacks

Teenagers bring a unique combination of skills that make them very compelling. Fluent English and comfort with modern technology in the workplace help them appear legitimate. Familiarity with tools like Slack, ticketing systems, and cloud platforms makes it easier to impersonate.

According to Amper, teens don’t need technical experience to get involved. “The path is usually social, a Discord server, a DM, a ‘quick gig,'” he said. “It may seem like a culture of trolling, but the targets are real companies and the consequences are real people.”

Risk awareness is usually lower. Conversations often take place in public chats, where tactics and mistakes are quickly shared. That visibility accelerates learning and increases the likelihood of detection and arrest.

Gaming culture fuels the process

For many teenagers, the start is small. Pranks in online games turn into account takeovers. Username theft turns into cryptocurrency theft. Skills increase. Also what is at stake.

Recruiting often begins in gaming spaces where rapid learning and confidence are rewarded. The toilet is common. Sextortion sometimes appears. When real money enters the picture, legal consequences seem far away.

Amper compares progression to the game itself. “These teams present crime as a ladder,” he said. “Join the group, do small tasks, level up, earn money, get status.”

Why are young women attacked?

Cybercrime remains male-dominated, but recruiters are adapting. More and more young women are recruited for telephone attacks. Some use artificial intelligence tools to alter accents or tone. Others are based on stereotypes. Anxiety reduces suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk within these groups. Leadership remains overwhelmingly male. Girls often do low-level jobs. Training remains minimal. Exploitation is frequent.

Red Flags Indicating Fake Job Scams and Ransomware Recruitment

These warning signs appear repeatedly in cases involving teenage hackers, social engineering teams, and ransomware groups.

Cryptocurrency-only payment is a major warning sign

Legitimate employers do not pay workers exclusively in cryptocurrency. Cryptocurrency-only payment makes transactions difficult to trace and protects criminals, not workers.

Payments per call or per task should raise concerns

Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Actual jobs are paid hourly or a salary with documentation.

Recruitment via Telegram or Discord is a red flag

Criminal groups rely on private messaging apps to avoid monitoring. Established companies don’t recruit employees through game chats or encrypted direct messages.

Anonymous mentors and vague training are dangerous

Being “trained from scratch” by anonymous people is common in ransomware channels. These mentors disappear when arrests occur.

The secret requests signal manipulation.

Any job that asks teens to hide work from their parents or employees to hide tasks from their employers is crossing a line. Secrecy protects the recruiter, not the recruit.

Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, gain access, move money, or share sensitive identifiers before you have verified the employer, you are not in a hiring process. You are in a criminal process.”

He adds that legitimate employers collect confidential information only after an actual offer, through verified human resources systems. “The fraudulent version reverses the order” said. “Ask for the most sensitive details first, before something is independently verifiable.”

Urgency and emotional pressure are deliberate tactics

Making hasty decisions or creating fear reduces judgment. Social engineering depends on speed and emotional reactions.

If you see more than one of these signs, pause immediately. Leaving early can avoid serious legal consequences down the road.

MICROSOFT TYPOSQUATTING SCAM SWAPS LETTERS TO STEAL LOGIN

Law Enforcement Cracks Down on Teen Cybercrime

Since 2024, government indictments and international arrests have shown that cybercriminal groups linked to The Com and Scattered Spider are under increasing scrutiny by law enforcement. In September 2025, US prosecutors disclosed a complaint from the Department of Justice. against Thalha Jubair, 19, accusing him of orchestrating at least 120 ransomware and extortion attacks that generated more than $115 million in ransom payments from 47 American companies and organizations, including federal court networks. Prosecutors charged Jubair with computer fraud, wire fraud and money laundering conspiracy.

Across the Atlantic, British authorities charged Jubair and 18-year-old Owen Flowers for their alleged roles in a Transport for London cyberattack in 2024 that compromised travel card data and disrupted live traveler information. Both appeared in court under the UK Computer Misuse Act. Previous law enforcement actions in the US included criminal charges against five Scattered Spider suspects for massive phishing campaigns that stole login credentials and millions in cryptocurrency, exposing how members of this collective organized coordinated extortion and data theft.

Federal agencies are also issuing advisories about the group’s social engineering techniques, noting how attackers pose as help desk services, abuse multi-factor authentication and harvest credentials to access corporate networks.

Parents often learn the truth late. In many cases, the first warning comes when federal agents arrive at the door. Teens can go from online pranks to serious federal crimes without realizing where the legal line is.

How Parents and Teens Can Avoid Ransomware Recruitment Traps

This type of cybercrime thrives on silence and speed. Slowing things down protects families and the future.

Tips for parents and guardians to detect fake job scams early

Parents play a critical role in spotting early warning signs, especially when online “work” begins to happen behind closed doors or moves too quickly to explain.

1) Pay attention to how “jobs” are communicated online

Ask what platforms your child uses for work conversations and who they talk to. Legitimate employers do not recruit via Telegram or Discord direct messages.

2) Question sudden income without a clear employer

Money that appears quickly, especially in cryptocurrencies, deserves scrutiny. Real jobs provide documentation, supervisors, and salary records.

3) Treat secrecy as a serious warning sign

If a teenager is told to keep his work private from his parents or teachers, that is not independent. endence. It’s manipulation.

4) Talk early about online legal consequences

Many teens do not realize that cybercrime can lead to federal charges. Honest conversations now prevent life-changing outcomes later. Additionally, tracking can be uncomfortable. However, silence creates more risks.

Tips for teens to avoid fake job offers and cybercrime traps

Tech-savvy teens have real opportunities ahead of them, but knowing how to spot fake offers can mean the difference between building a career and facing serious legal problems.

1) Be skeptical of private messages offering quick money

Real companies don’t cold recruit through private chats or game servers.

2) Avoid crypto-only payment offers

Receiving payments solely in cryptocurrency is a common tactic used to hide criminal activity.

3) Choose legal paths to develop skills and reputation

Bug bounty programs, cybersecurity clubs, and internships offer real-world experience without putting your future at risk. Talent opens doors. The prison closes them.

Take my quiz: How safe is your online security?

Do you think your devices and data are really protected? Take this quick quiz to see where you stand digitally. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing well and what you need to improve. Take my quiz here: Cyberguy.com

FBI WARNS ABOUT FAKE KIDNAPPING PHOTOS USED IN NEW SCAM

Kurt’s Key Takeaways

What makes this trend so disturbing is how common it all seems. Job ads seem harmless. Chats feel friendly. Crypto payments seem exciting. But beneath that surface is a pipeline that drags teenagers into committing serious crimes with real consequences. Many children don’t realize how far they have come until it is too late. What starts as a quick call or a side job can turn into a federal matter. Arges and years of consequences. Cybercrime is advancing rapidly. Accountability usually comes much later. When it does, the damage is already done.

If fake job ads can quietly recruit teenagers to ransomware gangs, how sure are you that your family or workplace will spot the warning signs before it’s too late? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO GET THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2026 CyberGuy.com. All rights reserved.