Cybercrime isn’t just an enterprise problem anymore. Everyday consumers are a primary target, and the numbers back it up. The Federal Trade Commission (FTC) reported that older Americans alone lost $2.4 billion to scams in 2024.
Most of the time, the technology is working. The gap is in human understanding. What’s needed is a widespread shift toward public education in digital literacy, but awareness and education aren’t enough. Enterprises need to understand their role in safeguarding users from scammers and work to create a safer world.
Modern scams are exploiting gaps in everyday technical understandingÂ
Attackers have transitioned from obvious scams to what look like everyday interactions. As citizens now conduct so much of their daily business online – from paying toll fees to filing taxes and scheduling doctor appointments, these types of interactions have become normalized.
And as they’ve become more normalized, it’s easier than ever for bad actors to prey on consumers. There’s no reason not to think the Department of Motor Vehicles (DMV) might send you an automated text these days. This has created fertile ground for the rise of everything from toll scams to DMV and delivery scams.
AI has made these messages far harder to spot. An email riddled with spelling errors and different fonts screams “Fake,” but a well-written email crafted with the help of Generative AI isn’t as easily recognized as the scam it might be.
AI didn’t just fix grammar; it made scams believable and cheap to run at scale. Scammers also have access to more personal data than ever, making these messages feel eerily specific. They rely heavily on the timeless manipulation tactics of fear, urgency and uncertainty to drive home their message.
The limits of technology
Modern cybersecurity technology offers strong detection, but it often kicks in after the user has already made a decision. By the time a filter flags a message or a platform removes a fake account, the victim has already clicked the link or sent the payment.
There’s another layer to this. Scams are increasingly initiated through channels that are private by design. End-to-end encrypted messaging apps, peer-to-peer payment platforms, and direct SMS mean there’s no intermediary with visibility. No filter to catch it. No platform scanning the content. The attack reaches the consumer directly, with nothing in between.
That’s not a flaw in the technology. It’s the nature of privacy-preserving systems being exploited for harm. And it’s why no detection layer alone closes the gap.
What it actually means to be digitally literate
This isn’t about becoming a cybersecurity expert. It’s about understanding a few things that change how you respond to what you see online.
Knowing that legitimate companies almost never ask for passwords or payment details through a text message. Knowing that urgency in a message is a tactic, not a reason to act fast. Knowing how to find an official phone number or website on your own, rather than using the one you were sent. Knowing that when something feels off, the right move is to pause and check through a different channel.
These aren’t complicated skills. But they aren’t being taught widely, and they should be.
Companies have a role here, too
Many businesses train their customers into risky habits without realizing it. Emails with links to click. Texts asking you to confirm account details. Automated prompts requesting verification. These are common practices that also happen to look exactly like what scammers do.
If companies want to be part of the solution, the first step is consistency. Be clear about how you will and won’t reach customers. If you never send payment links by text, say that explicitly. Make it simple for people to report something suspicious, and treat those reports as valuable, not as noise to be filtered away.
Consumers often see new scams before companies do, especially in private channels that businesses have no visibility into. That makes people on the receiving end of an early warning system, if they know what to report and where to send it.
The gap is closeable
Fraudsters don’t stop. They find new angles, test new messages, and move on to whatever works next. That’s not going to change.
But the gap they keep exploiting, the distance between how digital systems work and how much most people understand about them, isn’t permanent. It can be closed. It won’t close on its own.
The most effective thing that could happen right now isn’t a new security tool. It’s a real investment in helping ordinary people understand the world they’re already living in. That’s not a technical problem. It’s an education one, and it’s overdue.
Â
Â
Join our LinkedIn group Information Security Community!
