At first glance, the job posts look completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment comes in crypto. But these are not tutoring gigs or customer service roles. They are recruiting ads for ransomware operations. 

And many of the people responding are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. All of them promise big payouts for “successful calls.”

What they leave out is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem goes by a familiar name. Insiders often refer to it as “The Com,” short for “The Community.”

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

How The Com operates behind the scenes

The Com is not a single organized gang. It functions as a loose network of groups that regularly change names and members. Well-known offshoots tied to this ecosystem include Scattered Spider, Lapsus$, ShinyHunters and related splinter crews. Some groups focus on data theft. Others specialize in phishing or extortion. Collaboration happens when it benefits the operation. 

Since 2022, these networks have targeted more than 100 major companies in the U.S. and UK. Victims include well-known brands across retail, telecom, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of affected companies exceeds one trillion dollars.

Teenagers often take on the riskiest roles within these schemes. Phone calls, access testing and social engineering scripts typically fall to younger participants. More experienced criminals remain in the background, limiting their exposure.

That structure mirrors what identity and fraud experts are seeing across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract. 

“A job post feels structured, normal and safe, even when the actual behavior being requested is anything but,” Amper said. “A job posting implies a real process – a role, a manager, training and a paycheck. That’s exactly why it works. It lowers skepticism and makes risky requests feel like normal onboarding.”

Amper notes that what’s changed is not just the scale of recruitment, but how criminals package it. “Serious crime is now being sold as ‘work.’”

Why teens excel at social engineering attacks

Teenagers bring a unique mix of skills that make them highly convincing. Fluent English and comfort with modern workplace technology help them sound legitimate. Familiarity with tools like Slack, ticketing systems and cloud platforms makes impersonation easier.

According to Amper, teens don’t need technical expertise to get pulled in. “The on-ramp is usually social, a Discord server, a DM, a ‘quick gig,’” he said. “It can feel like trolling culture, but the targets are real companies and the consequences are real people.”

Risk awareness is often lower. Conversations frequently take place in public chats, where tactics and mistakes are shared quickly. That visibility accelerates learning and increases the likelihood of detection and arrest.

Gaming culture feeds the pipeline

For many teens, it starts small. Pranks in online games turn into account takeovers. Username theft becomes crypto theft. Skills escalate. So do the stakes.

Recruitment often begins in gaming spaces where fast learning and confidence are rewarded. Grooming is common. Sextortion sometimes appears. By the time real money enters the picture, legal consequences feel distant.

Amper compares the progression to gaming itself. “These crews package crime as a ladder,” he said. “Join the group, do small tasks, level up, get paid, get status.”

Why young women are being targeted

Cybercrime remains male-dominated, but recruiters adapt. Young women are increasingly recruited for phone-based attacks. Some use AI tools to alter accents or tone. Others rely on stereotypes. Distress lowers suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk inside these groups. Leadership remains overwhelmingly male. Girls often perform low-level work. Training stays minimal. Exploitation is frequent.

Red flags that signal fake job scams and ransomware recruitment

These warning signs show up repeatedly in cases involving teen hackers, social engineering crews and ransomware groups.

Crypto-only pay is a major warning sign

Legitimate employers do not pay workers exclusively in cryptocurrency. Crypto-only pay makes transactions hard to trace and protects criminals, not workers.

Per-call or per-task payouts should raise concern

Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Real jobs pay hourly or a salary with documentation.

Recruitment through Telegram or Discord is a red flag

Criminal groups rely on private messaging apps to avoid oversight. Established companies do not recruit employees through gaming chats or encrypted DMs.

Anonymous mentors and vague training are dangerous

Being “trained from scratch” by unnamed individuals is common in ransomware pipelines. These mentors disappear when arrests happen.

Secrecy requests signal manipulation

Any job that asks teens to hide work from parents or employees to hide tasks from employers is crossing a line. Secrecy protects the recruiter, not the recruit.

Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, obtain access, move money, or share sensitive identifiers before you’ve verified the employer, you’re not in a hiring process. You’re in a crime pipeline.”

He adds that legitimate employers collect sensitive information only after a real offer, through verified HR systems. “The scam version flips the order,” he said. “It asks for the most sensitive details first, before anything is independently verifiable.”

Urgency and emotional pressure are deliberate tactics

Rushing decisions or creating fear lowers judgment. Social engineering depends on speed and emotional reactions.

If you see more than one of these signs, pause immediately. Walking away early can prevent serious legal consequences later.

MICROSOFT TYPOSQUATTING SCAM SWAPS LETTERS TO STEAL LOGINS

Law enforcement is cracking down on teen cybercrime

Since 2024, government indictments and international arrests have shown cybercriminal groups tied to The Com and Scattered Spider are under increasing scrutiny from law enforcement. In Sept. 2025, U.S. prosecutors unsealed a Department of Justice complaint against 19-year-old Thalha Jubair, accusing him of orchestrating at least 120 ransomware and extortion attacks that brought in over $115 million in ransom payments from 47 U.S. companies and organizations, including federal court networks. Prosecutors charged Jubair with computer fraud, wire fraud and money laundering conspiracy.

Across the Atlantic, British authorities charged Jubair and 18-year-old Owen Flowers for their alleged roles in a Transport for London cyberattack in 2024 that compromised travel card data and disrupted live commuter information. Both appeared in court under the U.K.’s Computer Misuse Act. Earlier law enforcement action in the U.S. included criminal charges against five Scattered Spider suspects for mass phishing campaigns that stole login credentials and millions in cryptocurrency, laying out how members of this collective staged coordinated extortion and data theft.

Federal agencies are also issuing advisories about the group’s social engineering techniques, noting how attackers impersonate help desks, abuse multi-factor authentication and harvest credentials to access corporate networks.

Parents often learn the truth late. In many cases, the first warning comes when federal agents arrive at the door. Teens can move from online pranks to serious federal crimes without realizing where the legal line lies.

How parents and teens can avoid ransomware recruitment traps

This type of cybercrime thrives on silence and speed. Slowing things down protects families and futures.

Tips for parents and guardians to spot fake job scams early

Parents play a critical role in spotting early warning signs, especially when online “work” starts happening behind closed doors or moves too fast to explain.

1) Pay attention to how online “jobs” are communicated

Ask which platforms your child uses for work conversations and who they talk to. Legitimate employers do not recruit through Telegram or Discord DMs.

2) Question sudden income with no clear employer

Money appearing quickly, especially in crypto, deserves scrutiny. Real jobs provide paperwork, supervisors and pay records.

3) Treat secrecy as a serious warning sign

If a teen is told to keep work private from parents or teachers, that is not independence. It is manipulation.

4) Talk early about legal consequences online

Many teens do not realize that cybercrime can lead to federal charges. Honest conversations now prevent life-changing outcomes later. Also, monitoring may feel uncomfortable. However, silence creates more risk.

Tips for teens to avoid fake job offers and cybercrime traps

Teenagers with tech skills have real opportunities ahead, but knowing how to spot fake offers can mean the difference between building a career and facing serious legal trouble.

1) Be skeptical of private messages offering fast money

Real companies do not cold-recruit through private chats or gaming servers.

2) Avoid crypto-only payment offers

Being paid only in cryptocurrency is a common tactic used to hide criminal activity.

3) Choose legal paths to build skills and reputation

Bug bounty programs, cybersecurity clubs and internships offer real experience without risking your future. Talent opens doors. Prison closes them.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

FBI WARNS OF FAKE KIDNAPPING PHOTOS USED IN NEW SCAM

Kurt’s key takeaways

What makes this trend so unsettling is how ordinary it all looks. The job ads sound harmless. The chats feel friendly. The crypto payouts seem exciting. But underneath that surface is a pipeline pulling teenagers into serious crimes with real consequences. Many kids do not realize how far they have gone until it is too late. What starts as a quick call or a side hustle can turn into federal charges and years of fallout. Cybercrime moves fast. Accountability usually shows up much later. By the time it does, the damage is already done.

If fake job ads can quietly recruit teenagers into ransomware gangs, how confident are you that your family or workplace would spot the warning signs before it is too late? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com.  All rights reserved.

A UK employment tribunal rejected a request from fired Rockstar Games employees to receive interim pay while waiting for a full hearing about their dismissal, according to Bloomberg and IGN. After Rockstar fired 34 employees last year — 31 from the UK and three from Canada — the Independent Workers’ Union of Great Britain (IWGB) accused the company of “union busting.” Rockstar claims that the fired employees were leaking company information in a Discord channel.

The hearing took place over two days last week. “Despite being refused interim relief today, we’ve come out of last week’s hearing more confident than ever that a full and substantive tribunal will find Rockstar’s calculated attempt to crush a union to be not only unjust but unlawful,” IWGB president Alex Marshall says in a statement. “The fact that we were granted this hearing speaks to the strength of our case and, over the course of the two-day hearing, Rockstar consistently failed to back up claims made in the press or to refute that they acted unfairly, maliciously, and in breach of their own procedures.”

“We regret that we were put in a position where dismissals were necessary, but we stand by our course of action as supported by the outcome of this hearing,” a Rockstar Games spokesperson says in statements to Bloomberg and IGN. Rockstar and owner Take-Two didn’t immediately reply to a request for comment.

Rockstar is working on Grand Theft Auto VI, which was recently delayed from a planned May launch to November 19th.

Android TV streaming boxes that promise “everything for one price” are everywhere right now. 

You’ll see them on big retail sites, in influencer videos, and even recommended by friends who swear they’ve cut the cord for good. And to be fair, they look irresistible on paper, offering thousands of channels for a one-time payment. But security researchers are warning that some of these boxes may come with a hidden cost.

In several cases, devices sold as simple media streamers appear to quietly turn your home internet connection into part of larger networks used for shady online activity. And many buyers have no idea it’s happening.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

WHY JANUARY IS THE BEST TIME TO REMOVE PERSONAL DATA ONLINE

What’s inside these streaming boxes

According to an investigation by Krebs on Security, media streaming devices don’t behave like ordinary media streamers once they’re connected to your network. Researchers closely examine SuperBox, which is an Android-based streaming box sold through third-party sellers on major retail platforms. On paper, SuperBox markets itself as just hardware. The company claims it doesn’t pre-install pirated apps and insists users are responsible for what they install. That sounds reassuring until you look at how the device actually works.

To unlock the thousands of channels SuperBox advertises, you must first remove Google’s official app ecosystem and replace it with an unofficial app store. That step alone should raise eyebrows. Once those custom apps are installed, the device doesn’t just stream video but also begins routing internet traffic through third-party proxy networks.

What this means is that your home internet connection may be used to relay traffic for other people. That traffic can include ad fraud, credential stuffing attempts and large-scale web scraping.

During testing by Censys, a cyber intelligence company that tracks internet-connected devices, SuperBox models immediately contacted servers tied to Tencent’s QQ messaging service, run by Tencent, as well as a residential proxy service called Grass.

Grass describes itself as an opt-in network that lets you earn rewards by sharing unused internet bandwidth. This suggests that SuperBox devices may be using SDKs or tooling that hijack bandwidth without clear user consent, effectively turning the box into a node inside a proxy network.

Why SuperBox activity resembles botnet behavior

In simple terms, a botnet is a large group of compromised devices that work together to route traffic or perform online tasks without the owners realizing it.

Researchers discovered SuperBox devices contained advanced networking and remote access tools that have no business being on a streaming box. These included utilities like Tcpdump and Netcat, which are commonly used for network monitoring and traffic interception.

The devices performed DNS hijacking and ARP poisoning on local networks, techniques used to redirect traffic and impersonate other devices on the same network. Some models even contained directories labeled “secondstage,” suggesting additional payloads or functionality beyond streaming.

SuperBox is just one brand in a crowded market of no-name Android streaming devices. Many of them promise free content and quick setup, but often come preloaded with malware or require unofficial app stores that expose users to serious risk.

In July 2025, Google filed a lawsuit against operators behind what it called the BADBOX 2.0 botnet, a network of more than ten million compromised Android devices. These devices were used for advertising fraud and proxy services, and many were infected before consumers even bought them.

Around the same time, the Feds warned that compromised streaming and IoT devices were being used to gain unauthorized access to home networks and funnel traffic into criminal proxy services.

We reached out to SuperBox for comment but did not receive a response before our deadline.

8 steps you can take to protect yourself

If you already own one of these streaming boxes or are thinking about buying one, these steps can help reduce your risk significantly.

1) Avoid devices that require unofficial app stores

If a streaming box asks you to remove Google Play or install apps from an unknown marketplace, stop right there. This bypasses Android’s built-in security checks and opens the door to malicious software. Legitimate Android TV devices don’t require this.

2) Use strong antivirus software on your devices

Even if the box itself is compromised, strong antivirus software on your computers and phones can detect suspicious network behavior, malicious connections or follow-on attacks like credential stuffing. Strong antivirus software monitors behavior, not just files, which matters when malware operates quietly in the background. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

3) Put streaming devices on a separate or guest network

If your router supports it, isolate smart TVs and streaming boxes from your main network. This prevents a compromised device from seeing your laptops, phones or work systems. It’s one of the simplest ways to limit damage if something goes wrong.

4) Use a password manager

If your internet connection is being abused, stolen credentials often come next. A password manager ensures every account uses a unique password, so one leak doesn’t unlock everything. Many password managers also refuse to autofill on suspicious or fake websites, which can alert you before you make a mistake.

MAKE 2026 YOUR MOST PRIVATE YEAR YET BY REMOVING BROKER DATA

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

5) Consider using a VPN for sensitive activity

A VPN won’t magically fix a compromised device, but it can reduce exposure by encrypting your traffic when browsing, banking or working online. This makes it harder for third parties to inspect or misuse your data if your network is being relayed.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Watch your internet usage and router activity

Unexpected spikes in bandwidth, slower speeds or strange outbound connections can be warning signs. Many routers show connected devices and traffic patterns.

If you notice suspicious traffic or behavior, unplug the streaming box immediately and perform a factory reset on your router. In some cases, the safest option is to stop using the device altogether.

Also, make sure your router firmware is up to date and that you’ve changed the default admin password. Compromised devices often try to exploit weak router settings to persist on a network.

7) Be wary of “free everything” streaming promises

Unlimited premium channels for a one-time fee usually mean you’re paying in some other way, often with your data, bandwidth or legal exposure. If a deal sounds too good to be true, it usually is.

8) Consider a data removal service

If your internet connection or accounts have been abused, your personal details may already be circulating among data brokers. A data removal service can help opt you out of people-search sites and reduce the amount of personal information criminals can exploit for follow-up scams or identity theft. While it won’t fix a compromised device, it can limit long-term exposure.

10 SIMPLE CYBERSECURITY RESOLUTIONS FOR A SAFER 2026

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt’s key takeaway

Streaming boxes like SuperBox thrive on frustration. As subscriptions pile up, people look for shortcuts. But when a device promises everything for nothing, it’s worth asking what it’s really doing behind the scenes. Research shows that some of these boxes don’t just stream TV. They quietly turn your home network into a resource for others, sometimes for criminal activity. Cutting the cord shouldn’t mean giving up control of your internet connection. Before plugging in that “too good to be true” box, it’s worth slowing down and looking a little closer.

Would you still use a streaming box if it meant sharing your internet with strangers? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com. All rights reserved.