October 13, 2021 By David Bisson 2 min read

It’s sometimes easy to think phishing or vishing scams only work on people who aren’t very savvy online. Namely, there’s a sense that Generation Z (born after 1997) and Millennials (born between 1981 and 1996) have good enough cyber awareness to avoid online tricks. But social engineering scammers are finding success with these groups. The number of online scam victims aged 20 and younger increased 156% between 2017 and 2020, according to Social Catfish’s The State of Internet Scams 2021 report.

A Growing Volume of Young Online Scam Victims

The number of scam victims under 20 years old increased from 9,053 in 2017 to 23,186 three years later.

Young people registered the greatest increase among all other age groups across the reporting period. The over-60 age group increased 112% from 49,523 to 105,301, for instance. In the 40-to-49 group, the volume of scam victims grew 104% from 44,878 to 91,568.

Supporting this finding, SocialCatfish also interviewed an editor who surveyed 700 U.S. adults. Their study revealed that individuals aged 18 to 29 took a dubious first prize as victims of identity theft at 15%. By comparison, the rate for people over 45 stood more firm at just 8%.

Why Are Young People Falling for Scams?

Social Catfish wasn’t expecting the results shared above. As quoted from its research:

We are shocked to see that the number of victims who are younger than 20 years has increased by 156% since 2017.

According to HuffPost, this is due to the fact that [Millennials] have grown up with computers and are more comfortable with sharing personal details online. A major example of this would be innocent-looking online quizzes posted on social media or someone claiming to desire to be their online friend so that the victims would trust them enough to give away their personal information.

Certainly, part of the puzzle is that younger people embrace a culture where they can share. However, other reasons factor in to why they fall for online scams as well.

Back in 2016, Consumer Reports shared the results of a survey from the Better Business Bureau (BBB) in which many scam victims tended to be young and well-educated. The study attributed this finding to the fact that younger people tended to suffer from “optimism bias,” a way of thinking “that makes them feel invulnerable and causes them not to take safety precautions”. In particular, people 18 – 34 were more likely to be taken in by false offers of employment.

This finding challenges the “distorted lens” of seeing scam victims as unintelligent, old and gullible, as noted by the BBB.

In 2019, the Federal Trade Commission reported that Millennials were “more likely to report losing money to fraud than people 40 and over generally, and much more likely to report a loss on certain types of fraud.”

How to Protect Employees Against Online Scam Attempts

Companies and agencies need to help cultivate all their employees’ awareness of scam attempts. Towards that end, they need to take a holistic approach to cybersecurity training. This involves knowing that such training begins in the onboarding process and ends only once they leave. Digital threats constantly change; education programs need to keep up with that change.

At the same time, security awareness training programs can be holistic by not taking a one-size-fits-all approach. Craft education modules that apply to engineers, developers and other groups. Plus, develop programs that work for remote workers by connecting them to tailored courses produced by third-party providers and by educating them about internal security resources.

More from News

DHS establishes Artificial Intelligence Safety and Security Board

3 min read - As part of its commitment to addressing the rapid growth and adoption of AI technology across all industries and sectors, the Department of Homeland Security (DHS) announced the establishment of the Artificial Intelligence Safety and Security Board in late April. The Board’s first meeting is planned for early May when they will begin the task of focusing on how to develop and deploy AI technology within the United States’ critical infrastructure safely and securely. Based on the DHS Homeland Threat…

White House cements CISA’s role as national coordinator for cybersecurity

2 min read - In 2013, the Obama Administration rolled out "The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience", a forerunner to the Cybersecurity and Infrastructure Security Agency (CISA), created "to strengthen and maintain secure, functioning and resilient critical infrastructure." The directive was groundbreaking in 2013, noting the importance of the rising risk of cyberattacks against critical infrastructure. But as cyber risks are constantly shifting, every cybersecurity program needs to be re-evaluated, and CISA is no exception. That’s why, in April 2024,…

Debate rages over DMCA Section 1201 exemption for generative AI

3 min read - The Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright. The DMCA also makes it illegal to hack technologies that copyright owners use to protect their works against infringement. These technologies can include encryption, password protection or other measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions or “Section 1201”. Now, a fierce debate is brewing over whether to allow…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today