Why so many Gen Zs end up being cybercrime victims
Generation Z, today’s tweens, teens and twenty-somethings, is coming into its own. You’d think our first cohort of true digital natives would be the least vulnerable to cyber scammers. But surprisingly, research from around the world shows they are the most likely to succumb to digital financial fraud.
So what are governments and financial institutions doing to protect them? What more should they be doing?
When the industry organisation UK Finance surveyed 2,000 UK adults about scams, they discovered 18 to 24 year olds are more likely to have been targeted in an impersonation scam than other age groups. 49% said they had been contacted by an impersonation scammer, compared to only 32.5% of those aged over 55.
Of the Gen Zs targeted, over half had provided personal information or made a payment to the scammers. This is despite 91% of the group saying they were confident they would be able to spot a fake request for personal information online.
Even more telling: only 27% said they always take steps to check if the organisation or person asking for personal information out of the blue can be trusted. Compare that to the over-55 respondents, 60% of whom say they always take steps to check out unexpected requests. Apparently, it pays to be vigilant.
Gen Zs are being sabotaged by their own self confidence in Australia as well. 23% of 18 to 25 year olds surveyed by price comparison website Compare the Market revealed they had given up personal information, or had their money swindled using social media and online marketplaces. Australian Gen Zs are also twice as likely to get their social media hacked as Baby Boomers.
Meanwhile, the Deloitte Connected Consumer survey shows Gen Zs in the United States were three times more likely to get embroiled in an online scam than Boomers, and twice as likely to have a social media account hacked.
A Deloitte spokesperson explained one of the reasons for the vulnerability of these young adults: scams are being actively tailored to them. The ‘social engineering’ techniques used to groom and manipulate Gen Zs into transferring money or divulging their personal and financial details are constantly being refined.
Gen Zs’ susceptibility to digital fraud is probably at least partly due to them just being online more, in their personal, business and financial lives. Digital banking is the norm for this demographic: you won’t see them going into branches to complete basic tasks when they have the choice to transact online and/or via their mobile banking apps.
But it also seems they’re trusting technology in situations where they shouldn’t. Growing up digital gives them a false sense of security, and when combined with a lack of knowledge about finances and money management, it might lead to overlooking potential threats and failing to implement cybersecurity best practices.
Given many in the generation are steering their own finances for the first time, this opens up considerable potential for loss.
It doesn’t help that Gen Zs are also more risk tolerant and curious, and consequently more likely to accept an invitation to try new technology. Because they’re already doing just about everything on their mobiles, they might choose the convenience of using what’s already in their hands, over safety.
As technology continues to evolve, financial scams are carried out in multiple guises and on a variety of channels - email, phone call, text, websites, WhatsApp and other messaging platforms, and more.
In the UK there were 45,367 cases of impersonation scams in 2022 costing a total of £177.6M.
One of the UK government’s responses has been to make changes to the Online Safety Bill, putting a legally enforceable duty on social media platforms, search engines and messaging platforms to prevent paid-for fraudulent ads appearing in their services and to act quickly to remove them.
Australians lost more than $3.1B to scams in 2022, according to the Australian Competition and Consumer Commission (ACCC), an 80% increase on 2021’s total recorded losses. And that’s just the reported scams. It’s believed to be the tip of the iceberg.
The Australian federal government is setting up a new anti-scam centre that will form part of the ACCC. It has promised to develop new codes of practice outlining a clear set of expectations within the industry, about banks’ obligations and what consumers can expect from their banks.
The Australian Security and Investment Commission (ASIC), has also been allocated additional funding to identify and take down phishing websites and others that promote investment scams. And an SMS registry is being developed to block fraudulent texts purporting to come from government agencies and companies.
All organisations have an overarching duty to help protect their customers from fraud and scams, but it is bank customers who are overwhelmingly the main target for scammers. Under new UK laws, banks are forced to reimburse customers unless they have acted fraudulently or with gross negligence. Sending and receiving banks split the cost of reimbursing scam victims.
Legislation in Australia and New Zealand puts responsibility for data protection and consumer consent onto financial institutions. That includes educating customers about fraud and putting parameters in place to stop them falling victim to it.
In Australia, the major banks are under increasing pressure to do more to address the issue but they have argued against introducing requirements similar to the UK.
In May 2023, the Australian Banking Association launched a digital Fraud Reporting Exchange (FRX) platform which aims to speed up reporting of fraudulent payments en route or transferred to another bank. By allowing the reporting of scam payments in close to real time, it will help disrupt frauds and scams, making it more likely that funds can be frozen and returned to customers. Early trials have shown the time to resolve most scam cases dropped by more than half.
When a financial institution chooses Sandstone as their technology partner, they can rest assured we’re putting their customers’ online safety front and centre. All Sandstone Technology products come with in-built features to help protect end users, and we’re constantly innovating to make sure our solutions are actively helping Gen Z – and all generations young and old – to keep their personal information secure, and avoid financial losses.
All our solutions comply with global security standards as well as local and industry regulations. We release and deploy security patches within strict SLAs, giving you the peace of mind that sensitive data is always secure.
With mobiles now the most targeted devices by criminals, mobile apps need to be under constant review. Sandstone’s mobile app has advanced fraud protection, with sensitive customer data kept safe through the latest multi-factor authentication (MFA) technology and fraud monitoring integrations.
Multi-factor authentication via push notifications enables users to authenticate transactions made via online banking, using a registered mobile app, instead of using one-time passwords generated via SMS. To bolster our security offering further, Sandstone has integrations with trusted identity and verification (ID&V) providers such as IBM Trusteer, ThreatMetrixs and RSA.
Biometric authentication, including fingerprint or facial recognition, adds an extra layer of protection, ensuring only authorised users can gain access to their accounts. Other features like real-time transaction alerts and set spending limits give customers greater control over their accounts. A combination of these features can allay security fears for both the financial institution and the customer.
We’re also working towards a future where AI plays a crucial role in fraud prevention, with algorithms helping monitor data from huge numbers of transactions, to uncover fraud patterns. They can analyse customer behaviour to anticipate or identify fraudulent purchases in real-time or even prevent threats of fraud. Machine learning-based fraud detection solutions can be trained to detect fraud within more than one type of transaction or application, or both at the same time. They can also learn from historical data and adjust their rules to stop threats they may never have seen before.
To find out more about the security features in our mobile app and digital banking solutions, contact Sandstone Technology.