In this article, Fox News reports on how teenagers are being recruited through fake job advertisements to carry out cybercrime, exposing a growing trend where social engineering targets individuals as entry points for larger fraud operations.
The piece includes insights from Ricardo Amper, Founder & CEO at Incode, who explains how fraud networks increasingly rely on deception, impersonation, and trust abuse to scale attacks. Amper warns that as recruitment tactics become more sophisticated, organizations must rethink how they verify identity and intent across digital interactions.
Read below a transcription of this article, published by Fox News on January 13, 2026.
Teen hackers recruited through fake job ads
How ransomware gangs lure kids with crypto and phone work
By Kurt Knutsson, CyberGuy Report Fox News
Published January 13, 2026
At first glance, the job posts look completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment comes in crypto. But these are not tutoring gigs or customer service roles. They are recruiting ads for ransomware operations.
And many of the people responding are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. All of them promise big payouts for “successful calls.”
What they leave out is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem goes by a familiar name. Insiders often refer to it as “The Com,” short for “The Community.”
How The Com operates behind the scenes
The Com is not a single organized gang. It functions as a loose network of groups that regularly change names and members. Well-known offshoots tied to this ecosystem include Scattered Spider, Lapsus$, ShinyHunters and related splinter crews. Some groups focus on data theft. Others specialize in phishing or extortion. Collaboration happens when it benefits the operation.
Since 2022, these networks have targeted more than 100 major companies in the U.S. and UK. Victims include well-known brands across retail, telecom, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of affected companies exceeds one trillion dollars.
Teenagers often take on the riskiest roles within these schemes. Phone calls, access testing and social engineering scripts typically fall to younger participants. More experienced criminals remain in the background, limiting their exposure.
That structure mirrors what identity and fraud experts are seeing across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract.
“A job post feels structured, normal and safe, even when the actual behavior being requested is anything but,” Amper said. “A job posting implies a real process – a role, a manager, training and a paycheck. That’s exactly why it works. It lowers skepticism and makes risky requests feel like normal onboarding.”
Amper notes that what’s changed is not just the scale of recruitment, but how criminals package it. “Serious crime is now being sold as ‘work.'”
Why young women are being targeted
Cybercrime remains male-dominated, but recruiters adapt. Young women are increasingly recruited for phone-based attacks. Some use AI tools to alter accents or tone. Others rely on stereotypes. Distress lowers suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk inside these groups. Leadership remains overwhelmingly male. Girls often perform low-level work. Training stays minimal. Exploitation is frequent.
Why teens excel at social engineering attacks
Teenagers bring a unique mix of skills that make them highly convincing. Fluent English and comfort with modern workplace technology help them sound legitimate. Familiarity with tools like Slack, ticketing systems and cloud platforms makes impersonation easier.
According to Amper, teens don’t need technical expertise to get pulled in. “The on-ramp is usually social, a Discord server, a DM, a ‘quick gig,'” he said. “It can feel like trolling culture, but the targets are real companies and the consequences are real people.”
Risk awareness is often lower. Conversations frequently take place in public chats, where tactics and mistakes are shared quickly. That visibility accelerates learning and increases the likelihood of detection and arrest.
Gaming culture feeds the pipeline
For many teens, it starts small. Pranks in online games turn into account takeovers. Username theft becomes crypto theft. Skills escalate. So do the stakes.
Recruitment often begins in gaming spaces where fast learning and confidence are rewarded. Grooming is common. Sextortion sometimes appears. By the time real money enters the picture, legal consequences feel distant.
Amper compares the progression to gaming itself. “These crews package crime as a ladder,” he said. “Join the group, do small tasks, level up, get paid, get status.”
Red flags that signal fake job scams and ransomware recruitment
These warning signs show up repeatedly in cases involving teen hackers, social engineering crews and ransomware groups.
Crypto-only pay is a major warning sign
Legitimate employers do not pay workers exclusively in cryptocurrency. Crypto-only pay makes transactions hard to trace and protects criminals, not workers.
Per-call or per-task payouts should raise concern
Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Real jobs pay hourly or a salary with documentation.
Recruitment through Telegram or Discord is a red flag
Criminal groups rely on private messaging apps to avoid oversight. Established companies do not recruit employees through gaming chats or encrypted DMs.
Anonymous mentors and vague training are dangerous
Being “trained from scratch” by unnamed individuals is common in ransomware pipelines. These mentors disappear when arrests happen.
Secrecy requests signal manipulation
Any job that asks teens to hide work from parents or employees to hide tasks from employers is crossing a line. Secrecy protects the recruiter, not the recruit.
Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, obtain access, move money, or share sensitive identifiers before you’ve verified the employer, you’re not in a hiring process. You’re in a crime pipeline.”
He adds that legitimate employers collect sensitive information only after a real offer, through verified HR systems. “The scam version flips the order,” he said. “It asks for the most sensitive details first, before anything is independently verifiable.”
More about Fox News
Fox News is a leading U.S. news organization covering breaking news, business, technology and cybersecurity. Through reporting and expert commentary, the outlet examines major events and emerging risks shaping the digital economy, consumer protection and national security.
Read the full article here.
Copyright 2025 CyberGuy.com. All rights reserved.
Connect with Ricardo Amper here.
