Skip to main content

Younger Canadians may be more tech savvy, but research suggests they are also at the highest risk of falling prey to online scams, frauds and attacks.

That’s likely because they spend more time online and have more password-protected accounts, experts suggest. Research also finds that younger Canadians are more likely to use the same password for work and personal accounts, which can pose a major threat for their employer. Last year cyber breaches cost the average Canadian business nearly $7-million, according to IBM.

In a recent study Deloitte found that Gen Z Americans – those born in the late 1990s and early 2000s – were three times more likely to be the victim of an online scam in 2023 than baby boomers, those born between the late 1940s and early 1960s.

According to an earlier study by EY, Gen Z and their slightly older Millennial colleagues – who were born between the early 1980s and mid 1990s – were least likely to adhere to workplace cybersecurity protocols. Both generations of employees were significantly more likely to use the password for personal and professional accounts, and disregard mandatory IT updates.

“Being more connected does introduce more risk,” says Nick Galletto, the cybersecurity leader of EY Canada. “If you’re very dependent on technology to do everything, you’re probably at a higher susceptibility level.”

Mr. Galletto explains that greater online exposure makes younger Canadians more likely to click on a malicious link or fall victim to an online scam. For example, he says that when he grew up it would have been impossible to develop friendships with people he had never met in person, but his Gen Z children interact with countless peers they only know through online interactions.

“There’s a different level of trust when getting to know people through electronic means, which introduces risks,” he says. The same is also true with password practices, as having more online accounts makes it harder to maintain different, highly secure credentials.

“Boomers might only have five or six online accounts, and it’s a lot easier to remember five or six user IDs and passwords, versus 20,” he said. “There’s a higher likelihood that they’re going to use the same password, because it’s easier to remember.”

Cybercriminals also perpetrate scams and attacks through the channels that younger Canadians typically spend more time interacting with, such as social media, text messages and e-mail. According to a recent study conducted by TransUnion, 47 per cent of Canadians reported being targeted on one of those channels in the last quarter of 2023, but that proportion jumps to 53 per cent among Millennials and 59 per cent among Gen Zers.

“Gen Zs and Millennials are more likely to be engaged in more digital transactions, more social media, and they’re more likely exposed to additional threats,” says TransUnion Canada fraud expert Patrick Boudreau. He explains that online scams and attacks are getting more sophisticated, and harder to detect, especially if the victim is multi-tasking or not paying close attention.

“They try to pose and make it seem very legitimate, and if someone looks at it quickly, they may not catch it at first glance, so it’s about taking the time to pause, reread, and make sure it makes sense,” he says. “Before clicking on a link, hover over it to see where it will take you, check to see who it’s from, look for any spelling mistakes or changes in the spelling.”

One of the primary attack vectors, according to Mr. Boudreau, is a link that, once clicked, gives an attacker access to the device. Such links are often sent via text message, posted to social media, or sent via e-mail with an urgent or important sounding message from a seemingly trusted source.

Some of the more common attacks include posing as a courier brand suggesting a package will be lost without immediate action, a major bank suggesting there’s a problem with an account or a social media post advertising a limited time sale on a popular product.

“There’s always a sense of urgency to push an individual to think they can’t wait,” Mr. Boudreau says. “If it sounds too good to be true, most times it is.”

Of all the digital accounts that need to be secured, however, there is none more important than e-mail, according to Jane Arnett, a Calgary-based cybersecurity evangelist for Check Point Software Technologies.

“If I can get that, I can reset any other password you have,” she says. “If you only have one password in your life that is extraordinarily long, complex, not used or shared ever, make that the place where all your password resets are sent.”

Arnett also emphasizes the importance of not repeating passwords, especially when moving between personal and professional accounts, a mistake the research suggests younger Canadians are more likely to commit.

“If your Spotify account gets hacked, and you use the same password to get into your e-mail at work, that’s a big problem,” she says. “It doesn’t matter how much your company is investing in cybersecurity if you do that.”

Ms. Arnett adds that while it used to be that older generations were the most susceptible to online threats, widespread efforts to educate and protect the elderly have had a noticeable impact. Now, she says, it’s time to refocus that effort on the youth.

“When we have problems with technology, we find the youngest person in the room to figure it out,” she says, “but we forgot that they still need to be taught – just like any kid needs to be taught how to be safe in the world – about cybersecurity as well.”

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe