Why you should be taking security advice from your grandmother

Credit to Author: Christopher Boyd| Date: Thu, 28 Apr 2022 23:10:42 +0000

We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine.

The default assumption was that people over a certain age simply did not know about computers and the threats that come with them. Grandparents were the short-hand, go-to frame of reference for examples in posts about scams or fraud: Watch out for grandfather this; your grandmother will fall for that.

Your grandfather knows what he’s doing

Crude, age-based categorisations were always dubious, and they are looking more and more baseless as the years tick by. Tech has now been around for a long time, whether it had some Internet bouncing around inside it or not. The oldest gamers playing on machines like Binatones in the 1970s might now be approaching 70 years of age themselves. Many studies have come and gone in the last couple of years declaring certain age groups to be at risk at one time or another. The interesting part is that more and more are declaring that younger age groups are at the greatest risk.

Older folks are dodging COVID-19 scams and all sorts of other shenanigans. Meanwhile, the news is definitely not as good the lower down the age slide we go.

Over here, Barclays twenty-somethings are most likely to be caught by scams. Over there, The Better Business Bureau finds that year after year it’s the younger folks getting stung by scams. In this direction, the UK’s Local Government Association has warned that it’s 16-34 year olds mostly feeling fakeout wrath. Some of the surveys listed claim that those in both the 31-40 or 71+ ranges are more susceptible to forms of advance fee fraud, but that seems to be about the only real negative mark against them.

Everything else is grim reading for the younger netizens out there.

Are digital natives in trouble?

A new study has just landed and guess what? It’s more misery for the so-called “digital native” generation (and, perhaps, those just on the fringes).

The Financial Times reports that a joint study by Visa and Aston University’s Institute for Forensic Linguistics brings bad tidings for the young. One in four 18-34 year olds trust scam messages, which is “more than double” of those over 55.

Gen-X, forgotten again.

Crunching numbers

We cover the “urgent action” type scams a lot, because it’s a core component of so many fakeouts. Nothing has people clicking links they shouldn’t click faster than the threat of losing access to accounts or finances. According to the study, some 70% of messages analysed contained some kind of “Hurry up please” messaging.

Gift cards and Bitcoin—cybercriminals’ favourite currencies—feature heavily, as you’d expect. And it’s no surprise that aspects of younger culture are tied up in the most common scam messages.

More than 50% of 18-34 year olds had sent cash to fakers pretending to be friends or family. Again, this is likely another tick in the pandemic box. There’s a lot more stats in the report itself [PDF], but that’s not what I’m most interested in. Despite it being focused on the language of fraud, there’s one key aspect which isn’t really touched upon.

Reports state that a quarter of 18-34 year olds don’t check for spelling and grammar mistakes. As the PDF itself notes that poor spelling, typography, and grammar are often indicators of a scam message, we may wonder how this disconnect is happening—and how to address it.

Annoying your spell-check for fun and profit

Security advice nowadays tends to steer clear of the “Your grandfather doesn’t understand computers” routine for the previously mentioned reasons. It’s just a bit crass and not particularly accurate.

And there may be other age-related pieces of security advice to reassess too.

Misspelling and errors have been a feature of scams for years, and a useful red flag we could advise people to watch out for. But does that advice still work for a generation that’s grown up on social media and messaging apps, and loosened its adherence to language norms by communicating with emojis and paired-down, abbreatived, vowelless blasts of text?

Some People Write On Social Media Like This.

others write everything in lower case and don’t even bother to consider throwing in the occasional comma or even a full stop because their messages are still entirely understandable

The rules have mostly gone out the window, and the “watch out for typos” advice might have to go with it. After all, you can’t tell people to beware strange spelling when everyone is officially doing their own thing.

Some good news for Gen Z and Millennials

Thankfully, “watch out for typos” is far from the only piece of security advice we can give when warning people away from bogus SMS messages or suspicious emails. When we warn you away from a phish, we give you several things to look out for in combination. It’s the same for a malware scam, or a bogus phone download, or something targeting young gamers.

The survey recognises this, and stresses the importance of picking out combinations of factors to spot a scam. It’s not just typos: It’s combinations of certain words, pressures exerted on the recipient, mismatches between sender and links given, and a dash of ambiguity. One of these alone probably won’t help, but a few of them together most likely will.

The post Why you should be taking security advice from your grandmother appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/