If you asked this question a few years ago, many might have assumed that older generations would be the primary targets of online scams. It makes sense. Most of us view phishing and email scams as clumsy, low-effort routines designed to take advantage of people who simply aren’t as digitally savvy as the younger generation.  

However, in a surprising twist, a recent study from Deloitte indicates that it's the younger generations, Millennials and Gen Z, who are more likely to become victims of online scams, malware, and identity theft. Why would those generations who have lived their lived their entire lives in an internet-connected world be more at risk? The numbers paint the picture. 

Younger generations have more attack surfaces than those that came before them 

One might think that growing up in the digital age would make Millennials and Gen Z more immune to online scams. After all, those groups are thought of as the "tech-savvy" generations. But the reality is quite different. The very familiarity they have with technology can lead to a false sense of security, making them more susceptible to online scams.  

Statistically speaking, the odds are stacked against younger generations because they're online in more places, and they connect to the world through more devices. In fact, the study shows, younger generations have a 16% chance of falling for an online scam vs. their elders who run at only a 5% chance. 

Most of us, this author’s teams included, use many devices across our professional lives and our personal lives. 

The boundary between personal and professional life has become increasingly blurred for younger generations. They share devices across work and leisure, making it easier for cybercriminals to infiltrate both aspects. A scam that begins with a seemingly innocuous email or message can quickly escalate into a serious breach, affecting their employers’ systems, their personal finances, and impacting professional reputation.  

Millennials and Gen Z natively work and play online more than any other group. They seamlessly transition from laptops to smartphones to tablets, and even smart home devices. This connectivity offers undeniable convenience, but it also provides multiple entry points for cybercriminals to exploit. 

Everyone wants the online convenience while few want to manage all the devices 

The desire for seamless, tech-driven experiences is universal. We all enjoy the convenience that technology offers. With a few keystrokes and clicks, we can check our credit card balances, pay our bills, order a new jacket, buy a plane ticket, and let hundreds of our friends know we’re headed to Colorado in December—all in under 20 minutes. 

That was unimaginable just 20 years ago. But all of those effortless transactions have led us into a paradox of the digital age—we all want greater convenience and connectivity but we don’t care to manage the complexity of security. That leads us, even the most tech-savvy among us, into increased vulnerability to cyber threats. 

An example of phishing in a multi-device lifestyle 

Let's consider Sarah, a 27-year-old marketing professional who embodies the digital paradox. Sarah lives and breathes on the cutting edge of technology, with the latest smartphone, smartwatch, and smart home devices. Sarah is a true digital pro, able to juggle work, social life, and personal interests through all her disparate devices. However, her interconnected digital world also exposes her to risks. 

One day, Sarah receives a text message alerting her that there’s a suspicious charge on her bank account. Then, checking her email, she sees a new message from her bank, urgently requesting her to log in and check her account for a suspicious charge. The email looks convincing, complete with the bank's logo and branding, and it even has a convincing looking return email address.  

Knowing there are digital dangers in the world, she clicks on the link and lands on the bank’s login page. She enters her personal details, but the password isn’t correct. No worries, thinks Sarah, she probably used the wrong password (after all, she avoids using the same password everywhere). The second try doesn’t work either. She enters another password, and the page reloads, leaving her wondering what’s going on. 

Sarah may only then be aware she’s fallen victim to a phishing scam. In this case, cybercriminals collected her name, email, and phone number from the dark web. They then built a fake login page for the bank, and have now collected her username, and at least two versions of her password. They can now access her bank account and personal information and can try those passwords on any other account she might have that uses her same email as a login. Sarah's tech-savviness, ironically, worked against her. 

Healthy skepticism works for every generation 

The best option is to be sure your devices are secured, and keep a healthy and cautious mindset. 

What can we learn from Sarah's story and the digital paradox? The best defense against online scams, malware, and identity theft is a combination of robust device security and a vigilant mindset. 

• Secure your devices. Ensure that all your devices are protected with up-to-date antivirus software, firewalls, and strong, unique passwords (for every different account you might have). Regularly update your device operating systems and apps to patch vulnerabilities. 
   
• Practice caution: Always exercise caution when receiving unsolicited emails, messages, or requests for personal information. Verify the authenticity of sources before clicking on links or sharing sensitive data. 
   

• Educate yourself: Stay informed about the latest cybersecurity threats and scams. Knowledge is your most potent weapon against cybercriminals. 
   
• Use two-factor authentication: Enable two-factor authentication wherever possible to add an extra layer of security to your accounts. 
   
• Protect your personal information: Be mindful of the information you share online, especially on social media. Cybercriminals often gather personal details from public profiles. 

While it’s true that Millennials and Gen Z might be the generations most at ease with technology, that ease unexpectedly makes them a more prevalent target for online scams. The digital age offers incredible opportunities and convenience, but it also demands heightened vigilance. By securing your devices and maintaining a cautious mindset, you can navigate the digital world safely and protect yourself from the lurking threats of online scams, malware, and identity theft.