October 13, 2021 By David Bisson 2 min read

It’s sometimes easy to think phishing or vishing scams only work on people who aren’t very savvy online. Namely, there’s a sense that Generation Z (born after 1997) and Millennials (born between 1981 and 1996) have good enough cyber awareness to avoid online tricks. But social engineering scammers are finding success with these groups. The number of online scam victims aged 20 and younger increased 156% between 2017 and 2020, according to Social Catfish’s The State of Internet Scams 2021 report.

A Growing Volume of Young Online Scam Victims

The number of scam victims under 20 years old increased from 9,053 in 2017 to 23,186 three years later.

Young people registered the greatest increase among all other age groups across the reporting period. The over-60 age group increased 112% from 49,523 to 105,301, for instance. In the 40-to-49 group, the volume of scam victims grew 104% from 44,878 to 91,568.

Supporting this finding, SocialCatfish also interviewed an editor who surveyed 700 U.S. adults. Their study revealed that individuals aged 18 to 29 took a dubious first prize as victims of identity theft at 15%. By comparison, the rate for people over 45 stood more firm at just 8%.

Why Are Young People Falling for Scams?

Social Catfish wasn’t expecting the results shared above. As quoted from its research:

We are shocked to see that the number of victims who are younger than 20 years has increased by 156% since 2017.

According to HuffPost, this is due to the fact that [Millennials] have grown up with computers and are more comfortable with sharing personal details online. A major example of this would be innocent-looking online quizzes posted on social media or someone claiming to desire to be their online friend so that the victims would trust them enough to give away their personal information.

Certainly, part of the puzzle is that younger people embrace a culture where they can share. However, other reasons factor in to why they fall for online scams as well.

Back in 2016, Consumer Reports shared the results of a survey from the Better Business Bureau (BBB) in which many scam victims tended to be young and well-educated. The study attributed this finding to the fact that younger people tended to suffer from “optimism bias,” a way of thinking “that makes them feel invulnerable and causes them not to take safety precautions”. In particular, people 18 – 34 were more likely to be taken in by false offers of employment.

This finding challenges the “distorted lens” of seeing scam victims as unintelligent, old and gullible, as noted by the BBB.

In 2019, the Federal Trade Commission reported that Millennials were “more likely to report losing money to fraud than people 40 and over generally, and much more likely to report a loss on certain types of fraud.”

How to Protect Employees Against Online Scam Attempts

Companies and agencies need to help cultivate all their employees’ awareness of scam attempts. Towards that end, they need to take a holistic approach to cybersecurity training. This involves knowing that such training begins in the onboarding process and ends only once they leave. Digital threats constantly change; education programs need to keep up with that change.

At the same time, security awareness training programs can be holistic by not taking a one-size-fits-all approach. Craft education modules that apply to engineers, developers and other groups. Plus, develop programs that work for remote workers by connecting them to tailored courses produced by third-party providers and by educating them about internal security resources.

More from News

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

3,000 “ghost accounts” on GitHub spreading malware

3 min read - In the past, cyber criminals directly distributed malware on GitHub using encrypted scripting code or malicious executables. But now threat actors are turning to a new tactic to spread malware: creating ghost accounts. A highly effective malware campaign Check Point Research recently exposed a new distribution-as-a-service (DaaS) network, referred to as the Stargazers Ghost Network, that has been spreading malware on GitHub for at least a year. Because the accounts perform typical activities as well, users did not realize that…

Warren Buffett’s warning highlights growing risk of cyber insurance losses

3 min read - The United States cyber insurance industry continues to see strong profits, according to Fitch Ratings. Average premium increases, meanwhile, have moderated over the last three years: While 2021 saw a 34% jump in premium pricing and costs rose 15% in 2022, increases were under 1% in 2023.As noted by the Fitch Ratings report, "segment underwriting profitability at current levels is unsustainable as cyber insurance pricing is likely to remain flat or down going forward." While this is good news for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today