Millennials and Gen Z Are More Susceptible ​​​​​​​to Phishing Scams

June 22, 2021

Jamil Farshchi, Equifax chief information security officer, spoke with Cheddar News’ Jill Wagner on younger generations falling victim to online scams. Below is an excerpt. To watch the full interview, click here

Jill: So why are Gen Z and millennials more susceptible to cybersecurity threats when you'd think it would be just the opposite, that perhaps older people would be more susceptible?

Jamil: I think what it tells us is that we need to have more education in this particular space. The implications are significant, whether it's bank account fraud, your medical records, a whole host of things, and we just need more education in that space.

I do think that it seems counter-intuitive at first. It makes sense to me that millennials are more susceptible and it's because they are online more often. It's just like in your car, the more miles you drive, the more time you spend, the more likely you are to get into an accident, whether it's on your own behalf or it's because of somebody else.

The more applications you use, the more time you spend online, the more accounts you have, the greater your risk of falling prey to phishing.

Jill: What are some of the best ways to spot a phishing scam?

Jamil: Number one is to just be aware of the red flags. If something looks suspicious, if it's not something that you would expect, then I can almost guarantee you that it is probably malicious. It's an illicit attempt.

Make sure that the sender is exactly who it claims to be. A lot of times attackers will try to change numbers and letters within the address, so they'll change an ‘L’ to a number ‘1’. So at quick glance, it looks as if it's legitimate.

The other thing that they're doing is they're really focusing targeted attacks so that they are highly personalized. And so if you see things that seem accurate - but there are misspellings in there, there's links or attachments that you wouldn't otherwise expect - you just always have to be cognizant. And again, it's not just the email. It could be your phone, text, things like that that they're trying to get you through as well.

Jill: When you say ‘they,’ who is ‘they’? Are these actual people? Are these bots? Is this coming from Russia? From China?

Jamil: Jill, it's all of the above. It's everything. I've spent my entire career defending against these folks and whether it's the nation state threat actors or it’s super-sophisticated organized crime. I think the scary thing to me is that a lot of those same attacks that you see making headlines from Colonial [Pipeline] or McDonald's or Electronic Arts or whomever it is, they're using those same things against you and I at home. The reason they're able to do it is because we're not educated enough as it relates to the basics of cybersecurity, and so we need to really double down in that space to protect ourselves.

Jill: Is there anything that you just do not have in your home, or a device that you've just said is kind of one step too far or too susceptible to hacking?

Jamil: I think there's really not. The way I look at it is this - everyone is fallible to some degree. I myself have clicked on phishing links before. We do tests at work all the time to be able to train our people. But if they're targeted and they're very sophisticated, then it's really tough to avoid it.

So the recommendation I have, instead of not using the latest and greatest technologies is instead to take advantage of identity theft protection. Solutions like that serve as an outstanding backstop to not only give you awareness when potentially you've been compromised, but it also gives you someone to be able to help you out as you're going through that process, because unwinding identity theft is extraordinarily difficult and a lot of times costly.

To watch Jamil’s full interview, click here.