Younger people are more likely to fall for phishing scams

Under-25s are more than twice as likely to fall for a phishing scam as over-55s, according to a report by Get Safe Online.

The government-backed research found that 11% of people aged 18–24 admitted to being victims of a phishing email, compared to only 5% of over-55s. Younger people were also phished out of more money on average (£613 versus £214).

Browsing habits to blame

These findings suggest that it’s no longer safe to assume that only older people fall for phishing scams – or even that they make up the majority of victims.

The obvious counter-argument is that younger people typically use the Internet more than older people, so they’re bound to get more phishing emails. However, the report states the opposite: only 36% of under-25s said they’d been targeted by a phishing scam, compared to 47% of over-55s.

Nonetheless, younger people’s tendency to browse the Internet more often does play a crucial role in why they’re more likely to fall for phishing scams. It’s not just purely a question of volume of Internet use. There’s also the ‘it won’t happen to me’ factor: if you’re regularly online and happen not to be targeted by an attack, it’s easy to become complacent or downplay the risk of phishing. That, combined with habitual Internet users’ desire to consume content quickly before moving on, explains why only 40% of under-25s said they “carefully read and re-read all emails”.

The bigger problem is younger people’s attitude to sharing information online. They are much more likely to post personal information on social media sites, blogs, vlogs, etc., and cyber criminals are taking advantage of these sources to piece together detailed information that can lead to incredibly authentic scams.

There’s also a third factor: arrogance. Shockingly, 51% of under-25s admitted to regularly “replying to or clicking links in unsolicited spam emails”. This is perplexing, as the effectiveness of phishing emails is based on their ability to trick people into believing them to be genuine. If you’ve already identified the email as spam, choosing to click the link anyway requires a spectacular level of hubris. At that point, you might as well post your bank details on Facebook.

How to spot a phishing email

This research clearly indicates that younger people need to become more vigilant online, but the problem is universal. Too many people fall for these scams, and that’s mostly because they don’t know how to spot and respond to phishing emails.

You can learn the basics with our phishing infographic. It outlines the various forms that phishing attacks can take, explains the damage they can cause, and provides an annotated example of a scam email, showing you what to look out for.

We also offer simulated phishing attacks to help organisations identify whether their employees are susceptible to phishing scams, and a staff awareness course to help employees understand the threat of phishing.

Find out more about phishing >>