Anyone can get scammed online, including the generation of Americans that grew up with the internet.
If you’re part of Generation Z — that is, born sometime between the late 1990s and early 2010s — you or one of your friends may have been the target or victim of an online scam. In fact, according to a recent Deloitte survey, members of Gen Z fall for these scams and get hacked far more frequently than their grandparents do.
Compared to older generations, younger generations have reported higher rates of victimization in phishing, identity theft, romance scams, and cyberbullying. The Deloitte survey shows that Gen Z Americans were three times more likely to get caught up in an online scam than boomers were (16 percent and 5 percent, respectively). Compared to boomers, Gen Z was also twice as likely to have a social media account hacked (17 percent and 8 percent). Fourteen percent of Gen Z-ers surveyed said they’d had their location information misused, more than any other generation. The cost of falling for those scams may also be surging for younger people: Social Catfish’s 2023 report on online scams found that online scam victims under 20 years old lost an estimated $8.2 million in 2017. In 2022, they lost $210 million.
“People that are digital natives for the most part, they’re aware of these things,” says Scott Debb, an associate professor of psychology at Norfolk State University who has studied the cybersecurity habits of younger Americans. In one 2020 study published in the International Journal of Cybersecurity Intelligence and Cybercrime, Debb and a team of researchers compared the self-reported online safety behaviors of millennials and Gen Z, the two “digitally native” generations. While Gen Z had a high awareness of online security, they fared worse than millennials in actually implementing many cybersecurity best practices in their own lives.
So, why? Why is the generation that arguably knows more about being online than any other (for now) so vulnerable to online scams and hacks?
There are a few theories that seem to come up again and again. First, Gen Z simply uses technology more than any other generation and is therefore more likely to be scammed via that technology. Second, growing up with the internet gives younger people a familiarity with their devices that can, in some instances, incentivize them to choose convenience over safety. And third, cybersecurity education for school-aged children isn’t doing a great job of talking about online safety in a way that actually clicks with younger people’s lived experiences online.
“I think Gen Z is thinking about it. We have to live with these threats every day,” says Kyla Guru, a 21-year-old computer science student at Stanford who founded a cybersecurity education organization as a teenager. When she teaches classrooms of students about email safety or phishing or social engineering, she said, there’s often an instant recognition. “They’ll be like, ‘Oh my God, I remember getting something really similar.’ Or, ‘I’ve seen a ton of these kinds of spammers in my Instagram DMs.’”
The kinds of scams that target Gen Z aren’t too dissimilar to the ones that target everyone else online. But because Gen Z relies on technology more often, on more devices, and in more aspects of their lives, there might just be more opportunities for them to encounter a bogus email or unreliable shop, says Tanneasha Gordon, a principal at Deloitte who leads the company’s data & digital trust business. Younger people are more comfortable with meeting people online, so they might be targeted with a romance scam, for instance.
“They shop a lot online,” Gordon said, “and there are so many fraudulent websites and e-commerce platforms that just literally tailor to them, that will take them from the social media platform that they’re on via a fraudulent ad.” Phishing emails are also common, she said. And while a more digitally savvy person might not fall for a copy/pasted, typo-riddled email scam, there are many more sophisticated, personalized ones out there. Finally, Gordon added, younger people will often encounter social media impersonation and compromised accounts.
Older Americans also date, shop, bank, and socialize online. But for every generation except for Gen Z, the technologies that enabled that access weren’t always available. There’s a difference between someone who got their first smartphone in college and someone who learned how to enter a password into their parents’ iPad as a kid — the latter of which is much more the experience of a Gen Z or Gen Alpha, the generation following Gen Z that is rapidly approaching teenagerhood. Millennials, particularly older millennials, had occasional access to computers in school, but younger generations may have been issued laptops by their school district to use in the classroom at all times.
Taken together, these differences have led to some educated speculation on what that shift might change about how people approach cybersecurity. If online mayhem feels like part of the cost of being online, might you just be a bit more accepting of the risks using the internet entails? This generational difference might lead younger people to choose convenience over security when engaging online with their devices, according to Debb.
Social media apps like Instagram and TikTok are convenient by design. Install the app on your phone and you’ll stay logged in, ready to post or browse at a moment’s notice. The app will send alerts with updates and messages, designed to get you to open it up. Debb offered a hypothetical: If Instagram made users log out every time the app closed and re-log in with two-factor authentication in order to reopen it, then Instagram would probably be more secure to use. It’d also be extremely frustrating for many users. Older generations might be a little more accepting of this friction. But for those who grew up with social media as an important part of their self-expression, this level of security could simply be too cumbersome.
But Gen Z’s online experience isn’t really a black-and-white choice, where convenience lives behind one door and safety the other. Instead, online safety best practices should be much more personalized to how younger people are actually using the internet, said Guru. Staying safer online could involve switching browsers, enabling different settings in the apps you use, or changing how you store passwords, she noted. None of those steps necessarily involve compromising your convenience or using the internet in a more limited way. Approaching cybersecurity as part of being active online, rather than an antagonist to it, might connect better with Gen Z, Guru said.
“We’re the ones changing the scene in the future, right?” said Guru. “We’re the ones doing activism around climate change or reproductive rights. And so I think your threat model changes the moment that you take on those kinds of responsibilities or those roles.”
There’s another factor here, too: Many experts say that the responsibility for remaining safe while using these apps should not fall solely on the individual user. Many of the apps and systems that are designed to be convenient and fast to use could be doing a lot more to meaningfully protect their users. Gordon floated the idea of major social media platforms sending out test phishing emails — the kind that you might get from your employer, as a tool to check your own vulnerabilities — which lead users who fall for the trap toward some educational resources. Privacy settings should also be easier to access and understand.
But really, Guru says, the key to getting Gen Z better prepared for a world full of online scams might be found in helping younger people understand the systems that incentivize them to exist in the first place.
“Why do these scams happen, who is behind them, and what can we do about them? I think those are the last synapses that we need to connect,” she said.