Who is the main victim of cybercrime?

Who are the Digital Kleptos of the World targeting? (Anyone, of any age, and any level of skill, can get scammed.)

Author

Anthony Collette
December 09, 2025 • Estimated Reading Time: 11 minutes

Happy Tuesday!

It’s a big World, and there’s a lot going on. There are plenty of caring, ethical and helpful people all around us. And quite a few bad apples and criminals who cause havoc in other peoples’ lives. Perhaps it’s always been this way. The World changes — but people don’t. Humans today are exactly how we were 5,000 years ago. With the Internet, 24/7 news and social media we have a better window, a clearer view of the damage that these modern, online hooligans are causing us, our employers, and our friends, family and co-workers.

We might have a clearer view, but certainly not a perfect or complete one. The mass media hasn’t yet explained the scope of the problem, or the solutions available to the general public and micro business owners in a way that persuades.

We need to tell cybersecurity stories more persuasively to a much wider audience.

That’s why we founded this newsletter. To help define the size, shape and general direction of the painful plague of hacking, and to celebrate your successes when you take charge and improve your online experience by making yourself less of a target.

And we’re so glad you’re along with us for the adventure!

— Anthony Collette
Founder, Loistava Information Security

Who is the main victim of cybercrime?

Online crimes against the public are exploding. Hackers are targeting all age groups, but the largest number of complaints from victims of cybercrime reported to the FBI (and dollars lost) is higher for the 40+ demographic, and notably highest among those 60+. This makes sense when you consider that wealth typically concentrates among the older/elderly, they tend to be somewhat more vulnerable, and hackers prefer to target victims with lots of money.

But hackers even target young children on gaming sites like Minecraft, Roblox, Pokémon GO, and Among Us. And the frequency of these attacks against our youngest online generation is increasing rapidly. Anyone of any age can become a cybercrime victim.

How do hackers pick their victims?

The online criminals that would target you individually and your employer exist along a spectrum of skills and abilities. At the low end, there are people with a grudge or grievance, who have minimal to no hacking skills. These folks have a bug up their butt and a credit card in their hand. They sign up on one of the many Hacking-As-A-Service websites, pay up and provide the name of their intended target. Consumers like you and me are targeted most often for financial reasons; basically the hackers want to separate us from our money or other assets.

In the middle of the Hacking Skills Spectrum, you’ll find organized groups of hackers who trade stolen passwords on hacker forums and build and share software to help each other hack even more cybercrime victims. These Digital Kleptos™ are mostly in it for the money.

At the very high end of the Hacking Skills Spectrum, you’ll find entire office buildings full of professional, government-sponsored hackers in countries like China, Russia and North Korea. These operations are professional, well trained, and target consumers and businesses in the West, both for political reasons and to steal money. And now they’re working together to increase the scale and effectiveness of their attacks against us.

For businesses, some cyber attacks are driven by retaliation from disgruntled employees or insiders. These attackers use their inside knowledge to cause damage, either by deleting critical files or making confidential data public. Insider hackers tend to be more dangerous because they come from within the organization, and have valid access, making their actions more difficult to detect.

How do people become victims of cybercrime?

One of my co-workers was hacked 4 times in one year. Like many Internet users, this co-worker used the same passwords on many different sites, often called password reuse. So when hackers successfully targeted their cellphone and email accounts, they simply kept going, using the same or very similar passwords on other sites. The simple solution is to use strong, modern passwords for every online account. That way if one site is hacked, the damage is contained there and your other online accounts are unaffected.

Clicking on dodgy links in email and text messages is also a frequent way typical Internet users get hacked. China-based hacking groups have been sending non-stop scam text messages (often called phishing) about a supposed wayward package or unpaid toll fee. And now they’re promoting a new offering, just in time for the holiday shopping season: fake but convincing e-commerce websites. They’re also sending fake text messages that promise unclaimed tax refunds, mobile rewards points and discounts on insurance.That nasty link usually directs people to a fake website, or encourages the user to call or interact with the hacker in various ways.

Next time an unexpected email or text shows up, you have absolutely zero obligation to respond. If you’re confident it’s not legit, feel free to delete it!

“Pig butchering” schemes have also become more common. Criminals build long-term romantic or business relationships with their victims before gradually introducing fraudulent cryptocurrency or investment opportunities. Because most cryptocurrency transactions can’t be reversed after the funds are transferred, prevention and education are critically important.

What is the #1 cybercrime in the USA?

Hackers are endlessly creative in finding ways to scam consumers. In 2024, the three most common cyberattacks reported were phishing, extortion, and personal data breaches. There’s a new hacking incident in the U.S. every 39 seconds!

Cybercrimes involving investment fraud, particularly using cryptocurrency, led to the most losses in 2024: $6.6 billion.

Grandparents often have a hard time saying no to their grandchildren, which is something scam artists using the Internet know all too well. Scammers gain access to consumers' personal information by mining social media and then create storylines to prey on the fears of grandparents. The scammers call and impersonate a grandchild in a crisis situation, asking for immediate financial assistance. Sometimes these callers “spoof” the caller ID to make an incoming call appear to be coming from a trusted source. Often the imposter claims to have been in an accident or arrested. The scammer (pretending to be a grandchild) may ask the grandparent “please don’t let mom and dad know,” and may hand the phone to an accomplice posing as a lawyer seeking immediate payment.

Recently law enforcement prosecuted a gang of 25 people from Canada for participating in these "Grandparent Scams" that stole over $21 million from grandparents in 40 U.S. states.

There’s No Single “Main Victim” of Cybercrime

The staggering variety of cyber crime committed against consumers and businesses shows there’s no “main victim” of cybercrime . . . we’re all in the same boat together, for better or worse! Anyone of any age, any background, and any level of sophistication can be tricked and hacked. Even well-known cyberfraud expert and author Corey Doctorow got scammed out of $8,000.

Katie Gatti Tassin, a personal-finance expert, lost $8,000 five years ago to a grandmotherly-sounding woman pretending to call from Tassin’s credit union.

Charlotte Cowles is a journalist who had a weekly column in the “Business” section of the New York Times. She’d written a personal-finance column for The Cut magazine for seven years. She interviews money experts all the time and takes their advice seriously. But she got scammed out of $50,000 cash. If it can happen to Corey, Katie and Charlotte, it truly can happen to anyone.

How can I protect myself from cybercrime?

Become aware of The Basics.

We’re now living a huge portion of our modern lives online. Hackers and scammers are targeting all age groups and demographics. No cavalry is triumphantly galloping over the hill to save us, so it’s up to us to do what we can to make ourselves safer online.

Thankfully staying safe online doesn’t have to be hard or complicated. First, we can forget about old, outdated cybersecurity advice. Then, one by one, each of us can master The Basics:

Know The Basics — Understand how the world has changed, and what you can do about it.
Modern Passwords — Create and use strong, unique, Modern Passwords for each online account.
Password Manager — Use a high-quality Password Manager to create, remember and type the passwords for your online accounts.
Diceware Passphrase — Craft and use a Diceware Passphrase to lock down your Password Manager.
Multi-factor Authentication (MFA) — Implement MFA for each online account that offers it.

There are no guarantees in life. But fortunately, these 5 foundational building blocks are proven to work extremely well. You can massively stack the deck in your favor by intelligently adding each one to your online experience.

This adventure in online security doesn’t have to be hard or overwhelming. And you don’t need to do it all at once — brick by brick, layer by layer, add each one of The Basics to your day-to-day online life.

Then pop a cork! You deserve to celebrate what you’ve accomplished!

Join us

Weekly resources to help keep you safer online — protecting you from hackers, online scammers, and other Digital Kleptomaniacs™.

No spam. No selling your email. Just factual, actionable information once a week, from people who truly care about online security.  You can unsubscribe any time — but we hope you’ll want to stay with us on this journey.

Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.

Looking forward to connecting again next week.

— Anthony Collette

Digital Kleptos™

Reply

or to participate.