It’s sometimes easy to think phishing or vishing scams only work on people who aren’t very savvy online. Namely, there’s a sense that Generation Z (born after 1997) and Millennials (born between 1981 and 1996) have good enough cyber awareness to avoid online tricks. But social engineering scammers are finding success with these groups. The number of online scam victims aged 20 and younger increased 156% between 2017 and 2020, according to Social Catfish’s The State of Internet Scams 2021 report.

A Growing Volume of Young Online Scam Victims

The number of scam victims under 20 years old increased from 9,053 in 2017 to 23,186 three years later.

Young people registered the greatest increase among all other age groups across the reporting period. The over-60 age group increased 112% from 49,523 to 105,301, for instance. In the 40-to-49 group, the volume of scam victims grew 104% from 44,878 to 91,568.

Supporting this finding, SocialCatfish also interviewed an editor who surveyed 700 U.S. adults. Their study revealed that individuals aged 18 to 29 took a dubious first prize as victims of identity theft at 15%. By comparison, the rate for people over 45 stood more firm at just 8%.

Why Are Young People Falling for Scams?

Social Catfish wasn’t expecting the results shared above. As quoted from its research:

We are shocked to see that the number of victims who are younger than 20 years has increased by 156% since 2017. According to HuffPost, this is due to the fact that [Millennials] have grown up with computers and are more comfortable with sharing personal details online. A major example of this would be innocent-looking online quizzes posted on social media or someone claiming to desire to be their online friend so that the victims would trust them enough to give away their personal information.

Certainly, part of the puzzle is that younger people embrace a culture where they can share. However, other reasons factor in to why they fall for online scams as well.

Back in 2016, Consumer Reports shared the results of a survey from the Better Business Bureau (BBB) in which many scam victims tended to be young and well-educated. The study attributed this finding to the fact that younger people tended to suffer from “optimism bias,” a way of thinking “that makes them feel invulnerable and causes them not to take safety precautions”. In particular, people 18 – 34 were more likely to be taken in by false offers of employment.

This finding challenges the “distorted lens” of seeing scam victims as unintelligent, old and gullible, as noted by the BBB.

In 2019, the Federal Trade Commission reported that Millennials were “more likely to report losing money to fraud than people 40 and over generally, and much more likely to report a loss on certain types of fraud.”

How to Protect Employees Against Online Scam Attempts

Companies and agencies need to help cultivate all their employees’ awareness of scam attempts. Towards that end, they need to take a holistic approach to cybersecurity training. This involves knowing that such training begins in the onboarding process and ends only once they leave. Digital threats constantly change; education programs need to keep up with that change.

At the same time, security awareness training programs can be holistic by not taking a one-size-fits-all approach. Craft education modules that apply to engineers, developers and other groups. Plus, develop programs that work for remote workers by connecting them to tailored courses produced by third-party providers and by educating them about internal security resources.