Two studies show that young people are more likely to be victims of online fraud.  You’d think that since most of them have not experienced a world without Internet and email, they’d be more knowledgeable about phishing and other schemes.  But the insurance group CPP reports that the 16 to 24 age group is most likely to be defrauded in the UK, with the average loss of £590 per incident.

Another research study comes from RSA’s 2010 Global Online Consumer Security Survey, which shows very interesting trends:

“Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely1 to interact or share information due to their growing security concerns.”

“Consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.”

This is interesting because it tells us that phishers are becoming more and more sophisticated and consumer education is limited in terms of preventing online and identity fraud.

What it means for us is that social engineering is becoming more sophisticated, fooling even those who don’t remember the times before Internet and mobile phones.  Effective proactive defense includes mutli-channel authentication options, which will not rely on user alertness or mental mapping techniques.   Secure web services will help protect their customers without relying on their ability to recognize a phishing attack.