Cyber crime among young people is nothing new, but it is increasing in number and the scale, scope and reach of an individual’s attack is developing more rapidly now.
Young people take to the dark web to look for high-paying “jobs”. Archive photo
Young attackers are often motivated by boredom, peer prestige or small financial incentives. Sometimes they have no real motivation and instead find themselves victims of circumstance and accidental affiliation – social influence within otherwise innocent forums or chat groups. The distinction between curiosity-fueled hoaxes and large-scale criminal activity is becoming increasingly blurred.
Initial contact usually occurs in public spaces such as gaming forums or live chats, but sustained and consistent participation often migrates to more trusted, invite-only forums. This progression reflects a shift from low-barrier experimentation to task-oriented collaboration accompanied by stricter social norms and reputational incentives, according to newamerica.org.
In many other situations, young people go to the dark web to look for “jobs” knowing that they are very well paid, ignoring the risks they are taking.
The report Inside the dark web job market: Their talent, our threat published by Kaspersky shows that the number of resumes and job ads posted on underground forums doubled in the first quarter of 2024 compared to the same period in 2023, remaining at the same level in the first quarter of 2025.
Overall, CVs outnumber vacancies by 55% in 2025 amid a global wave of layoffs and more young people entering the workforce. The age distribution shows a median age of candidates of only 24 years and a significant presence of teenagers.
The criminal ecosystem
Jobs on the dark web are predominantly associated with illegal activities, although there are some legitimate roles as well. According to the report, 69% of candidates did not specify a preferred field, openly signaling that they are willing to accept any paid opportunity – from programming to scams or advanced cyber operations. The most sought-after IT roles by employers on the dark web reflect a mature criminal ecosystem:
• Developers (17% of ads) – create attack tools
• Penetration testers (12%) – test networks for vulnerabilities
• Money launderers (11%) – disguise illicit funds through successive transactions
• Carders (6%) – steal and monetize payment data
• Traffers (5%) – directs victims to phishing sites or infected downloads
Specialized applications reported gender-based differences. Female candidates were more likely to target interpersonal roles such as support, call center and technical support. Male candidates were mainly targeting technical or financial crime-related roles – developers, money mules or mule coordinators.
Salaries between $2,000 and $5,000
Salary expectations varied considerably by major. Reverse engineers earned the highest amounts – over $5,000 per month, followed by penetration testers at $4,000 and developers at $2,000. Fraudsters earned a percentage of the team’s revenue: money launderers around 20%, carders around 30%, and traffers around 50% – reflecting the demand for rare skills with major impact in the illegal ecosystem.
“The shadow labor market is no longer peripheral; it absorbs the unemployed, minors and overqualified people. Many arrive there believing that the dark web and the legal market are fundamentally similar, rewarding proven skills over degrees, with the dark web even offering some benefits – such as offers received within 48 hours and no HR interviews. However, not many realize that working on the dark web can lead to jail time”comments a fingerprint analyst.
Young people considering a “job” on the dark web should be aware that making a quick buck comes with some serious legal and reputational consequences. Parents, teachers and the community are encouraged to report suspicious requests immediately. Children should be shown that there are multiple career paths in technology, including cybersecurity. Kaspersky’s special project, What we should do with kids who hack, highlights how teenagers can be guided to use the skills for a positive purpose.
Safety recommendations
For individuals:
• Avoid links to suspicious pages. Do not respond to “easy money” offers, especially through Telegram or obscure forums. Check the legitimacy of the job through official channels.
• If you are a teenager – report suspicious posts to parents or authorities. No amount of money is worth a criminal record.
For organizations:
• Training employees on phishing and suspicious links.
• Implementation of dark web monitoring for employee credentials and resumes of former employees.
• Training HR to identify ‘shadow experience’ in CVs. Implementing multilayer fraud detection – “money mules” and carders are entry roles in larger attack chains.
• Continuous monitoring of dark web resources significantly improves visibility into potential threats and enables tracking of malicious actors’ plans and trends.
