The most in-demand skill on cybercrime recruiting sites is English-speaking social engineering. According to cybersecurity company Reliaquest, job posts more than doubling from 2024 to 2025, with recruiters accounting for 87 percent of these postings, indicating strong demand.
The underground cybercrime job market is booming. Job-related posts on prominent cybercriminal forums like “Exploit” and “RAMP” more than doubled between 2023 and 2024. By July 2025, the number of recruitment and self-promotion posts had already matched last year’s total.
“The market’s rapid growth market marks a critical shift in the threat landscape: Cybercrime is becoming more organized, specialized, and efficient. Think of job postings and platforms like LinkedIn or Indeed come to mind. But cybercriminals have their own thriving job market on the dark web. Here, “recruiters” seek specialists with cutting-edge skills, driving adversaries to upskill and act as job seekers in an ecosystem that mirrors legitimate hiring practices,” reports Reliaquest.
High demand for English-speaking social skills
Reliaquest believes that the current high demand for English-speaking social engineering skills may be fueled by the success of groups like “Scattered Spider” , otherwise know as “The Community”. The youthful hackers who make up this group are not a highly organized and centralized gang of hardened cybercriminals. They are youngsters mainly still in their teens in the US and the UK, who have moved from gaming into cybercrime and are frequently being groomed online by overseas criminal gangs. Their numbers are already in the thousands and believed to be growing.
The reason why their skills are in such high demand is because of their familiarity with Western culture and the fact their accents and use of language are far less likely to raise a red flag than would be the case for hackers based in locations such as Russia. “Voice phishing” attacks, where an English-speaking hacker calls a member of the target organization’s staff on the phone and scams them into providing access codes are seen to be particularly effective. The hackers frequently pose as a member of the organization IT support team. English or American youngsters with strong IT skills are particularly well-suited to this form of deception. The wide availability of off-the-shelf tools such as Ransomware-as-a-Service (RaaS) also facilitates these attacks.
