See if your information has been exposed in a data breach with our latest free tool Check Now
Cyber crime

Six-figure salaries and PTO: how cyber-criminals attract new talent

Niek Dekker
4 Min

Any finance or accounting leader can tell you how difficult it is to find and retain the right talent. Cyber-crime groups face similar challenges, and some of them use all kinds of unsavoury ways to find the skills they need.

But it’s important to remember that many of these groups are more organised and sophisticated than you might guess from looking at the hoodie-wearing faceless menaces that usually appear in visual depictions of cyber-criminals (including the one at the top of this blog).

In fact, a Kaspersky report reveals that some of them are taking more traditional approaches to recruitment, using the dark web to target in-demand workers with attractive salaries, paid time off and sizable bonuses.

It’s a concern because many workers are feeling the squeeze of inflation, and the tech sector has seen large amounts of redundancies across the world. Plus, advancements in areas like generative AI are compounding existing cyber threats, which were already on the rise. If cyber-criminals’ talent pools are getting larger, then it makes an imbalanced fight even more imbalanced.

Find out how they’re approaching recruitment and how to protect your own organisation.

Who is behind dark-web recruitment and what are they looking for?

In an analysis of more than 800 dark web ads, Kaspersky found that cyber-crime groups are using a range of methods to recruit individuals with specialised skills, including posting job adverts on dark web forums and marketplaces.

Those groups are often Advanced Persistent Threat (APT) groups or hacking teams. While it’s no surprise that they’re hunting for technical skills to help develop and spread malware, they’re also looking for people with backgrounds in areas like finance, accounting and law, as well as everyday IT infrastructure maintenance.

As cyber-crime organisations continue to become more sophisticated outfits, they need many of the same functions and skill sets as legitimate organisations.

What kind of roles are cyber-criminals offering?

Some of the most common types of roles that cyber-crime groups look for include:

  • money mules, who are responsible for transferring funds and laundering money
  • account managers, who handle the finances and operations of the cyber-crime organisation
  • technical specialists, who are responsible for carrying out cyber attacks and developing malware

Of those technical specialists, Kaspersky found that developers are by far the most in-demand roles, making up 61% of dark web job adverts.


As for the recruitment processes themselves, many look pretty similar to the ones you’ll find in legitimate organisations. The vast majority (82%) of adverts required tests and assignments – including paid assignments, so maybe take note if your organisation’s recruitment process asks candidates to do a lot of unpaid labour.


Attractive salaries and benefits – with major downsides

Dark web employers are offering attractive salaries and benefits to entice talent, including bonuses for successful operations, promotions and incentive plans. Remote work is less a perk and more a necessity for anonymous criminal activities, but there’s also a large variety of employment terms:

  • full-time
  • part-time
  • traineeships
  • business relationships, partnerships and team membership

And what candidate doesn’t want a pleasant work culture? Roughly 8% of ads tout the opportunity to be part of a “close-knit team.”

The report also highlights that cyber-criminals are increasingly using professional language and tone in their recruitment adverts, in an attempt to appear legitimate and attract more qualified candidates.

While it’s important to be aware of how cyber-crime groups are trying to entice candidates, it’s equally important to emphasise that any promised perks are vastly outweighed by the lack of protections and guarantees for workers.

Without a legitimate employment contract, workers are vulnerable to exploitation, have little to no recourse if they’re mistreated or unpaid, and might risk facing their own criminal charges. Moreover, a lot of us want to find meaning and purpose in our work – that might be hard if you’re part of an organisation that does things like debilitating hospitals or using cancer patients’ sensitive medical information to extort their healthcare providers.

How can finance leaders protect their organisations?

With threat actors becoming more organised and sophisticated, risks of cyber-crime and fraud are likely to keep rising. Because so much cyber-crime is financially motivated, accounts payable (AP) and finance teams tend to be on the frontlines.

And while it’s unlikely that your organisation is losing out on talent because of too much competition with cyber-criminals, talent acquisition and retention are still challenging (and expensive) for many AP and finance teams.

Fortunately, there are a few ways to address security challenges and recruitment challenges at the same time. A robust cyber-crime strategy can streamline risky processes, plug the security gaps created by IT and finance siloes, create new efficiencies that improve employee experiences and reduce stressful, monotonous tasks.

Want to improve security and employee experiences simultaneously?
Check out the 2023 Cybersecurity Guide for CFOs to learn more about the types of threat actors targeting businesses and how you can protect your organisation’s finances.

Related articles

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.