Skip to main content

Under 25s more likely to be duped by phishing scams

(Image credit: Image Credit: wk1003mike / Shutterstock)

Each day that you log into Twitter, it’s seemingly a different ‘awareness’ day or week. Hashtags are hijacked to spread the awareness of a topic, show appreciation for someone or, if you’re being cynical, to help sell something. While many of these occasions are consumer-driven and attract memes and other humorous quips, sometimes they really do highlight and tackle important issues that are impacting people of all ages.

One example is ‘Get Safe Online Week’ which took place in late October. The week addressed the lack of awareness that still exists around surfing the internet securely, and promoted best practice advice from security experts to reduce the frequency that people fall victim to cybercrime.

As part of the event, Get Safe Online – the organisers – published survey findings that revealed that under 25s are now more than twice as likely to fall victim to ‘friends and family’ phishing scams than baby boomers (over 55s). Furthermore, not only are they being duped more often, but they’re also being scammed out of more money each time – typically losing £613 compared to £214 by the older generation. The survey went on to identify phishing as the tactic used most often to trick unfortunate victims into handing over cash.

The significance of the stats  

The findings challenge, and will hopefully help to dispel, the lingering belief that older generations are more vulnerable to cybercrime. This perception exists because older people typically have more money and assets, so seemingly represent the bigger ‘fish’. When thinking about physical crime such as burglary this idea may still have an element of truth – but things are different when it comes to cybercrime.

Perpetrators no longer have to sneak around in dark clothes and balaclavas testing for unlocked windows, in fact, they don’t have to put themselves at the scene of the crime at all. The tools required to conduct attacks are readily available and simple-to-use, meaning even those with little IT know-how are able to initiate scam attempts that can target hundreds of people simultaneously.

This ease of attack means they no longer care about simply targeting high-value individuals. Casting the net far and wide to target anyone, regardless of situation and background, is likely to generate higher returns. After all, £100 is the same whoever it comes from.

Additionally, the findings highlight the supposed level of complacency younger generation can have when operating online. Having grown-up in the ‘always on’ culture, younger people feel so comfortable using devices, apps, social media and other online services that they consider themselves truly cyber-savvy. They don’t believe that they’ll easily be duped by scams and it’s this dropping of their guard that makes them vulnerable.

The survey also reveals how cybercrime tactics are changing. When email was first adopted by the masses, scammers would rely on phishing emails when attempting to trick victims. Whether it was informing potential victims that they had won the Nigerian Lottery or some other competition they hadn’t entered, attackers hoped to encourage them onto dodgy pages where they would either enter their personal details in order to claim the ‘prize’, or download malware which could lead to further data loss and fraud attempts.

Phishing emails still exist today but it’s more likely to be ‘HMRC’ informing you of a tax rebate or ‘Apple’ warning you that your iCloud account has been compromised and that you need to change your details – hackers are simply switching the bait. They’re using more believable modern scenarios which are just more likely to dupe someone.

As if this wasn’t bad enough, hackers have now taken it one step further by using social media. Younger generations spend more time sending DMs than emails, so cybercriminals are widening the number of channels they use to match. Instead of pretending to be a company, they hack social media accounts – a relatively easy task given the huge amount of login information floating around on the Dark Web combined with our tendency to reuse details across multiple sites and pretend to be that individual. They then reach out to that person’s friends and family and encourage them to send money, often through the use of a fabricated story that suggests they’re in distress and in urgent need of cash.

Good cybersecurity and sensible surfing shouldn’t be generational 

As ever-more people sign up to online services and platforms, it increases their personal risk. The more personal data uploaded, the more damaging it can be if that information becomes compromised. As such, they require a better understanding of how to keep themselves safe online – particularly as scammers are consistently evolving their tactics to match consumer habits.

There are many things individuals can do to better protect themselves online and decrease risk:

·         Use different passwords across accounts – limiting the usefulness of compromised details
·         Better yet, use a password manager – ensures passwords for each account are long and complex, making them much harder to hack
·         Keep all devices up-to-date with the latest patches and anti-virus – fixes all existing vulnerabilities and any downloaded malware is flagged, quarantined and deleted immediately
·         Where possible, activate two-step verification – applications will require your username and password as well as an additional code that is sent to your phone. This ensures that even if all of your details are stolen, your accounts cannot be accessed
·         Regularly use tools that can check to see if personal data has been lost in a breach – criminals really need very little information to begin impersonating an individual so it’s imperative for consumers to know if any of their data is readily available due to a previously compromised database
·         Increase vigilance and really scrutinise emails and other correspondence asking for information or money.

Ultimately, consumers of all ages need to be taught to be more vigilant online and know the red flags of phishing attempts. While one would hope that a true friend in need would pick up the phone and call rather than rely on a social media platform to reach out, it’s easy to drop your guard when you believe a friend is in need.

Andrew Martin, founder and CEO, DynaRisk (opens in new tab)
Image Credit: wk1003mike / Shutterstock

Andrew Martin is founder and CEO of DynaRisk. Its tool calculates an individual’s online risk score based on 50 personal and technical factors. Find out your rating here: