October 13, 2021 By David Bisson 2 min read

It’s sometimes easy to think phishing or vishing scams only work on people who aren’t very savvy online. Namely, there’s a sense that Generation Z (born after 1997) and Millennials (born between 1981 and 1996) have good enough cyber awareness to avoid online tricks. But social engineering scammers are finding success with these groups. The number of online scam victims aged 20 and younger increased 156% between 2017 and 2020, according to Social Catfish’s The State of Internet Scams 2021 report.

A Growing Volume of Young Online Scam Victims

The number of scam victims under 20 years old increased from 9,053 in 2017 to 23,186 three years later.

Young people registered the greatest increase among all other age groups across the reporting period. The over-60 age group increased 112% from 49,523 to 105,301, for instance. In the 40-to-49 group, the volume of scam victims grew 104% from 44,878 to 91,568.

Supporting this finding, SocialCatfish also interviewed an editor who surveyed 700 U.S. adults. Their study revealed that individuals aged 18 to 29 took a dubious first prize as victims of identity theft at 15%. By comparison, the rate for people over 45 stood more firm at just 8%.

Why Are Young People Falling for Scams?

Social Catfish wasn’t expecting the results shared above. As quoted from its research:

We are shocked to see that the number of victims who are younger than 20 years has increased by 156% since 2017.

According to HuffPost, this is due to the fact that [Millennials] have grown up with computers and are more comfortable with sharing personal details online. A major example of this would be innocent-looking online quizzes posted on social media or someone claiming to desire to be their online friend so that the victims would trust them enough to give away their personal information.

Certainly, part of the puzzle is that younger people embrace a culture where they can share. However, other reasons factor in to why they fall for online scams as well.

Back in 2016, Consumer Reports shared the results of a survey from the Better Business Bureau (BBB) in which many scam victims tended to be young and well-educated. The study attributed this finding to the fact that younger people tended to suffer from “optimism bias,” a way of thinking “that makes them feel invulnerable and causes them not to take safety precautions”. In particular, people 18 – 34 were more likely to be taken in by false offers of employment.

This finding challenges the “distorted lens” of seeing scam victims as unintelligent, old and gullible, as noted by the BBB.

In 2019, the Federal Trade Commission reported that Millennials were “more likely to report losing money to fraud than people 40 and over generally, and much more likely to report a loss on certain types of fraud.”

How to Protect Employees Against Online Scam Attempts

Companies and agencies need to help cultivate all their employees’ awareness of scam attempts. Towards that end, they need to take a holistic approach to cybersecurity training. This involves knowing that such training begins in the onboarding process and ends only once they leave. Digital threats constantly change; education programs need to keep up with that change.

At the same time, security awareness training programs can be holistic by not taking a one-size-fits-all approach. Craft education modules that apply to engineers, developers and other groups. Plus, develop programs that work for remote workers by connecting them to tailored courses produced by third-party providers and by educating them about internal security resources.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today