October 13, 2021 By David Bisson 2 min read

It’s sometimes easy to think phishing or vishing scams only work on people who aren’t very savvy online. Namely, there’s a sense that Generation Z (born after 1997) and Millennials (born between 1981 and 1996) have good enough cyber awareness to avoid online tricks. But social engineering scammers are finding success with these groups. The number of online scam victims aged 20 and younger increased 156% between 2017 and 2020, according to Social Catfish’s The State of Internet Scams 2021 report.

A Growing Volume of Young Online Scam Victims

The number of scam victims under 20 years old increased from 9,053 in 2017 to 23,186 three years later.

Young people registered the greatest increase among all other age groups across the reporting period. The over-60 age group increased 112% from 49,523 to 105,301, for instance. In the 40-to-49 group, the volume of scam victims grew 104% from 44,878 to 91,568.

Supporting this finding, SocialCatfish also interviewed an editor who surveyed 700 U.S. adults. Their study revealed that individuals aged 18 to 29 took a dubious first prize as victims of identity theft at 15%. By comparison, the rate for people over 45 stood more firm at just 8%.

Why Are Young People Falling for Scams?

Social Catfish wasn’t expecting the results shared above. As quoted from its research:

We are shocked to see that the number of victims who are younger than 20 years has increased by 156% since 2017.

According to HuffPost, this is due to the fact that [Millennials] have grown up with computers and are more comfortable with sharing personal details online. A major example of this would be innocent-looking online quizzes posted on social media or someone claiming to desire to be their online friend so that the victims would trust them enough to give away their personal information.

Certainly, part of the puzzle is that younger people embrace a culture where they can share. However, other reasons factor in to why they fall for online scams as well.

Back in 2016, Consumer Reports shared the results of a survey from the Better Business Bureau (BBB) in which many scam victims tended to be young and well-educated. The study attributed this finding to the fact that younger people tended to suffer from “optimism bias,” a way of thinking “that makes them feel invulnerable and causes them not to take safety precautions”. In particular, people 18 – 34 were more likely to be taken in by false offers of employment.

This finding challenges the “distorted lens” of seeing scam victims as unintelligent, old and gullible, as noted by the BBB.

In 2019, the Federal Trade Commission reported that Millennials were “more likely to report losing money to fraud than people 40 and over generally, and much more likely to report a loss on certain types of fraud.”

How to Protect Employees Against Online Scam Attempts

Companies and agencies need to help cultivate all their employees’ awareness of scam attempts. Towards that end, they need to take a holistic approach to cybersecurity training. This involves knowing that such training begins in the onboarding process and ends only once they leave. Digital threats constantly change; education programs need to keep up with that change.

At the same time, security awareness training programs can be holistic by not taking a one-size-fits-all approach. Craft education modules that apply to engineers, developers and other groups. Plus, develop programs that work for remote workers by connecting them to tailored courses produced by third-party providers and by educating them about internal security resources.

More from News

Can memory-safe programming languages kill 70% of security bugs?

3 min read - The Office of the National Cyber Director (ONCD) recently released a new report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software." The report is one of the first major announcements from new ONCD director Harry Coker and makes a strong case for adopting memory-safe programming languages. This new focus stems from the goal of rebalancing the responsibility of cybersecurity and realigning incentives in favor of long-term cybersecurity investments. Memory-safe programming languages were also included as a…

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked. “About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced. In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a…

DOJ’s crackdown: A brief look at hacker group takedowns

3 min read - The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders. The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ's offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists. Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today