Cybercriminals lure young workers with lucrative dark web job offers

Young people, including minors with technical skills, are being recruited into criminal networks with awareness of legal consequences but acceptance driven by economic desperation and lack of legitimate opportunities.
They want the young, the digitally native, the desperate.
Describing how cybercriminals have shifted their recruitment focus from experienced hackers to vulnerable Generation Z workers.

Dark web job market targets vulnerable Gen Z (avg. age 24) with offers paying €5,000+ monthly—double legitimate software engineer salaries—for roles in hacking, money laundering, and phishing. Many applicants knowingly accept illegal work; recruitment begins with seemingly innocent tasks and exploits digital natives' technical skills combined with youth unemployment and economic precarity.

  • Dark web job recruitment targeting young people doubled between Q1 2023 and Q1 2024
  • Average recruit age is 24; some are minors with advanced technical skills
  • Cybercriminals offer €5,000 monthly for software engineering roles vs. €2,300–€2,500 in legitimate sector
  • Money mules can earn 20% commission on funds transferred through their accounts
  • Recruitment often begins with seemingly harmless technical tasks before escalating to illegal work

Cybercriminals are increasingly targeting Gen Z workers on the dark web with lucrative job offers for illegal activities, with recruitment doubling between 2023-2024. Young people, often facing unemployment and precarity, are lured by salaries double or triple legitimate tech sector wages.

On the dark web, a parallel job market has taken root—one that doesn't ask for a résumé or conduct background checks, but instead hunts for young people with technical skills and few other options. Between the first quarter of 2023 and the same period in 2024, recruitment campaigns targeting minors and young adults for illegal cybercrime work doubled in volume, according to research from Kaspersky, the cybersecurity firm. The trend has held steady since then, revealing a troubling pattern: criminals are no longer just seeking experienced hackers. They want the young, the digitally native, the desperate.

The typical recruit is someone from Generation Z—born between 1996 and 2012—averaging 24 years old, often facing unemployment or precarious work. Some applicants know exactly what they're signing up for and don't care. Others suspect the work is illegal but rationalize it away. What keeps them coming is money. A legitimate software engineer in Spain might earn between 2,300 and 2,500 euros monthly. Cybercriminals are offering 5,000 euros. For those willing to serve as money mules—transferring stolen funds through multiple accounts—the cut can reach 20 percent of every transaction they process. In a world where young people struggle to find stable work, these numbers are seductive.

The recruitment pitches arrive camouflaged as legitimate opportunities: digital services, cybersecurity positions, VPN-related work. They come through forums, encrypted channels, sometimes email. The criminals have industrialized their hiring. Pedro Viana, Kaspersky's director of sales for Iberia, describes cybercrime as an industry where each role serves a specific function. They need developers to build attack tools. They need designers for phishing websites. They need money launderers. They need coordinators to manage networks of mules. The work is specialized, hierarchical, and—from a criminal perspective—efficient. Young people with genuine technical talent find themselves wanted, valued, compensated at rates the legitimate job market won't match.

What makes this recruitment particularly insidious is how it begins. The first tasks often seem harmless—testing a website, reviewing code, minor technical work. By the time a young person realizes they're embedded in a criminal operation, they're already compromised. Some are minors with exceptional technical abilities, making them especially vulnerable to exploitation. The criminals understand their targets: economically precarious, digitally fluent, aware that the legitimate tech sector demands credentials and connections they may not have. The dark web job market, by contrast, values talent over degrees and bureaucracy. It moves fast. It accepts you immediately.

Gender patterns emerge in the data. Women tend toward customer service, technical support, and roles involving interaction with outsiders. Men gravitate toward development work and coordination of money-laundering networks. Each position carries different risks and different rewards, but all carry the same legal weight. Anyone who accepts these jobs is committing crimes—fraud, money laundering, hacking, data theft—with consequences that extend far beyond a criminal record. Viana emphasizes the reality that many young recruits don't fully grasp: prison time is possible. The reputational damage is permanent. A conviction for cybercrime follows you through life.

The vulnerability these young people face is compounded by the normalization of digital fraud. Unemployment, economic precarity, and technical skill converge with an environment where illegal activity online feels less real, less consequential than crime in the physical world. Parents and educators often don't recognize the signs of recruitment. A teenager spending long hours online, suddenly earning money from unclear sources, gaining confidence in technical forums—these can look like normal adolescent development. But they can also be the early stages of criminal capture.

Kaspersky's warning is direct: distrust easy money, ignore unsolicited job offers from forums or encrypted channels, remember that legitimate companies recruit through official channels with formal hiring processes. Don't do online what you'd never do in person. But the deeper message is about prevention through education and legitimate opportunity. If young people had viable paths into ethical cybersecurity work, if the job market offered them stability and fair compensation for their skills, the dark web's recruitment campaigns would lose much of their power. Until then, a generation facing economic uncertainty will continue to receive offers they find difficult to refuse.

Cybercrime is an industry where each role has a very specific function. They seek digital natives and developers to create attack tools, designers for phishing websites, and people to carry out money laundering.
— Pedro Viana, Kaspersky director of sales for Iberia
Many applicants are vulnerable profiles, some willing to do any work as long as it's paid, and others who suspect it may be illegal but don't care because of the high compensation.
— Pedro Viana, Kaspersky
The Hearth Conversation Another angle on the story
Inventor

Why are criminals specifically targeting young people right now? Is it just about finding cheaper labor?

Model

It's more calculated than that. They want digital natives—people who grew up online, who understand technology intuitively. But they're also targeting vulnerability. A 24-year-old facing unemployment or precarious work is more likely to rationalize illegal income than someone with stable employment.

Inventor

The money they're offering—5,000 euros for a software engineer when legitimate work pays 2,300—that's a huge gap. How do they sustain those salaries?

Model

Because they're operating at scale and the work is profitable. A single successful phishing campaign or data theft can generate enormous returns. They can afford to pay well because the crime itself generates far more money than they're distributing to workers.

Inventor

You mentioned recruitment starts with seemingly innocent tasks. How does that progression work?

Model

It's gradual. First assignment might be testing a website or reviewing code—nothing obviously criminal. By the time you're three months in, you're embedded in the operation and the tasks have shifted. By then, you're already compromised. Walking away becomes harder.

Inventor

Are these young people aware they're breaking the law?

Model

Many are. The research shows some applicants know it's illegal and don't care because of the money. Others suspect but rationalize it. The dangerous part is that they often underestimate the consequences—they don't think about prison time or how a cybercrime conviction follows you forever.

Inventor

What's the role of parents and schools in preventing this?

Model

They need to recognize the signs and offer alternatives. If a teenager has genuine technical talent, there are legitimate paths in cybersecurity and tech. The problem is those paths require credentials, connections, or time—things economically precarious families may not have. Prevention means making legal opportunities actually accessible.

Inventor

So this isn't just a security problem. It's an economic problem.

Model

Exactly. The dark web job market exists because there's a gap between young people's skills and the legitimate opportunities available to them. Close that gap, and you undermine the criminals' recruitment strategy.

Contact Us FAQ