Phishing Prevention Tips for Older Adults
Written by: Hilbert College • Oct 19, 2023
Phishing is a type of online fraud that can affect any age group, but older adults often suffer the greatest financial impact.
That impact is growing.
The FBI reports that Internet fraud led to $3.1 billion in losses to people over the age of 60 in 2022, a figure that represents an 84% jump from 2021. The financial toll averaged more than $5,000 for each older American victimized in 2022. For more than 5,000 people, the individual financial loss exceeded $100,000.
However, seniors can stand up to this increasing threat by taking action to prevent becoming victims.
What’s Phishing Prevention? ¶
Preventing phishing attacks means protecting against a specific kind of fraud. It’s an important part of cybersecurity, which is the practice of protecting computer systems and networks from unauthorized access, and computer science, which encompasses cybersecurity and various issues related to computer systems.
The first step in phishing prevention is to gain an understanding of what phishing involves and the wide range of phishing tactics that a hacker, or someone who gains access to a computer system, might use.
Phishing: Definition ¶
Phishing is a crime in which someone poses as a reputable person or organization in an attempt to access personal information or financial account details. Although its most common form is email, phishing can also use various other online tools—from text messages to voice calls—to target victims.
Victims may voluntarily provide data or money, or they may unwittingly install software that compromises the security of their system or network. In some cases, such as those involving a technique called pharming, phishing doesn’t require an individual to take any deliberate action.
Notifications received in phishing attacks often seem to encourage prompt action, such as clicking a link to make a payment or to provide bank account information. However, the alerts contained in phishing messages are fraudulent.
A phishing email may ask for confirmation of personal data, for example, or it may direct the recipient to click a link. When the individual takes the action requested in the email, they unwittingly open themselves up to scammers, who poach information that they can use to steal the person’s identity—and, often, their money.
Phishing scams use language that tricks users into providing personal and financial information. The Federal Trade Commission recommends taking caution with emails and texts that contain notifications of suspicious activity or login attempts; warnings of account or payment information problems; requests for confirmation of personal or financial details; links to click to make a payment; details about eligibility for a government refund; and coupons for free goods or services.
11 Common Types of Phishing ¶
Whether targeting an individual or organization, phishing can use a broad range of techniques. The following are 11 common types of phishing that older adults should be on the lookout for in their phishing prevention efforts:
- Email—sends emails to as many different addresses as possible, posing as a reputable person or organization to gain access to personal information
- Smishing—uses text messages to direct an individual to take an action that makes it possible for a cybercriminal to steal their data or money
- Vishing (voice phishing) —leaves voice messages by phone that aim to trick an individual into providing information or money
- Social media—establishes fake accounts through social media platforms, such as Facebook or X/Twitter, to lure an individual into sharing personal information
- Pharming—installs malicious code on an individual’s computer, sending them to fake websites that collect their login information
- Pop-up—presents a pop-up display on an individual’s computer that makes a false claim of a security risk, thereby tricking the individual into installing harmful software
- Evil twin—establishes a false Wi-Fi network that appears to be authentic to collect personal information that an individual provides when they log in
- Search engine: —displays fake items meant to lure an individual into providing sensitive information when they attempt to make a purchase
- Clone—sends an email message with a malicious link that’s identical to an email message that an individual already received
- Watering hole: —installs malware on a group of computers to gain access to the network of a website that users frequently visit
- Deceptive —sends messages that falsely claim that an individual is a victim of a cyberattack and instructing them to correct the problem by clicking a link that infects their computer
Why Do Phishing Scams Target Seniors? ¶
In a 2022 report, the Federal Trade Commission (FTC) indicated that fewer people age 60 and older reported incidents of online fraud in 2021 than those between 18 and 59. Still, the FBI notes, these attacks often specifically target older people. The agency issues a regular report that provides statistics about online fraud targeting older adults.
The reasons behind phishing scams targeting seniors are many, from older generations’ wealth to their trust levels. Below is a look at some key factors that drive phishing aimed at older adults.
Greater Accumulated Savings ¶
People’s wealth tends to peak as they reach older adulthood, making their nest eggs attractive prizes for a potential scammer. In the first quarter of 2023, people in the baby-boom generation, or those who were between 59 and 77, held about 53% of the total wealth in the United States, according to the Federal Reserve.
It’s little surprise, then, that the FTC reports that people 70 and older tend to incur greater losses from online scams.
Increased Trust in Others ¶
Older adults are often more trusting and polite than younger people, the FBI warns. These otherwise positive traits can be problematic when older people encounter phishing scams. They may be quick to believe scammers’ fraudulent messages and act on them.
Then, when they discover that they’re victims of phishing attacks, older adults are often reluctant to speak up about the crime—making them attractive targets of hackers.
Less Technological Literacy ¶
Many older adults rely on technology to stay in touch with others. They often face challenges in using these tools, however, leaving them prone to unwittingly becoming victims of phishing attacks.
A 2021 AARP report noted that more than 70% of those over 50 relied on digital communication to stay in touch with others. However, 40% also found the devices to be complex and difficult to use.
Heightened Sense of Loneliness ¶
Included among the groups at greatest risk of experiencing loneliness are older adults. The Centers for Disease Control and Prevention (CDC) reported in 2023 that more than a third of people over 45 in this nation feel lonely.
Phishing scams targeting seniors can capitalize on these feelings, tricking them into taking action that they believe will connect them with others.
What Are Examples of Phishing Scams on Seniors? ¶
Similar to their younger counterparts, older adults can face an array of schemes that aim to steal their data and money. Some scams commonly target older people. The following are some of those scams on seniors and how cybercriminals engage their victims:
- Charity—claiming to work for a reputable charitable organization to gain an individual’s trust and money
- Government impersonation—acting as though they’re government employees and threatening an individual with arrest unless they provide payment
- Grandparent—pretending to be an individual’s child or grandchild in an effort to get money
- IRS—sending emails or other communications falsely claiming to be from the revenue service in an attempt to steal an individual’s information or tax refund
- Lottery/sweepstakes—issuing a false announcement that an individual has won a foreign lottery or sweepstakes and asking for their bank information to deposit the winnings
- Medicare/Medicaid—impersonating a government employee who’s contacting an individual about their Medicare/Medicaid health insurance and convincing them to provide personal information
- Money mule—reaching out to an individual or posting a job opportunity online that results in the cybercriminal laundering money by depositing funds into the individual’s account
- Romance—posing as a potential romantic partner on social media or dating sites to convince an individual to give them money
- Tech support—claiming that they’re technology support representatives who are fixing tech issues and tricking an individual into giving them access to their devices and information
Older Americans suffered the greatest level of financial loss due to Internet fraud of all age groups in 2022, according to the FBI. Among those over age 60, there were 88,282 victims; average loss per victim was $35,101; total losses amounted to $3.1B; and that marked an 84% increase in losses compared to 2021.
How to Prevent Phishing Attacks ¶
Just because they’re frequent targets of cybercriminals doesn’t mean that older adults have to fall victim to their tricks. By taking some steps to prevent phishing, older adults can safeguard their personal data and money. Here are tips on how to prevent phishing attacks.
Follow Digital Security Practices ¶
Following commonly recommended digital security precautions can help ensure that networks and systems on everything from personal computers to smartphones are safe, regardless of actions that users—or would-be hackers—take. Older adults can bolster their phishing prevention with the following cybersecurity practices:
Using Strong Passwords ¶
Passwords required for actions like logging in to an online account or unlocking a digital device should be strong enough to prevent unauthorized access. Strong passwords include a combination of at least 16 random letters, numbers and symbols. The password for each device or account that an individual has should be unique.
Installing Security Software ¶
Software such as spam filters, anti-phishing browser toolbars and antivirus protection are another layer of defense against unwanted access to networks and systems—and the data they contain. Scheduling frequent scans with security software can provide the most up-to-date protection.
Performing Regular Updates ¶
Updating software, browsers and other digital tools can help protect against emerging security threats. Promptly installing updates as they become available is important.
Using Multifactor Authentication ¶
Many tools and accounts allow for multifactor authentication (MFA), which requires two or more credentials to gain access. Taking advantage of MFA opportunities is a good practice in preventing phishing attacks. The extra layers of authentication typically require passcodes, security question answers, fingerprints or face scans.
Blocking Pop-Ups ¶
Because pop-ups are a common vehicle for phishing attacks, most web browsers block them automatically. By ensuring that these pop-up blockers are activated, digital device users can stop any fraudulent messages that a pop-up may be sharing.
Backing Up Data ¶
Older adults can give themselves peace of mind by protecting their data from potential loss. Backing up that data in the cloud or on an external hard drive provides the assurance that the user will likely always be able to access it.
Look for Warning Signs ¶
Regardless of where and how older adults receive the messages, phishing scams have some common indicators. Older adults should keep the following potential warning signs in mind—and take caution before acting on any communication that contains them:
- High-pressure tone—features language that conveys a sense of urgency and fear, such as reports of suspicious activity, directing the individual to take immediate action
- Too good to be true—offers once-in-a-lifetime deals, refunds, prizes or opportunities
- Unfamiliar sender—appears to be from someone who an individual doesn’t know
- Unusual greeting or language—uses a tone or words that aren’t typical for the sender or words that contain grammatical errors
- Unknown links and attachments—includes links or attachments that are unfamiliar to an individual
- Personal information request—asks for information that a hacker could use to access networks or accounts
- Inconsistent addresses or links—provides email addresses or hyperlinks that closely resemble those of legitimate senders, with differences that are small enough as to be easily overlooked
Avoid Clicking Links ¶
Any unknown hyperlink can contain malware. To protect themselves against these phishing attacks, older adults should avoid any links or attachments from an unfamiliar source or that seem to be suspicious.
When a message contains a link, they should hover over the link to see the URL, examining it closely to ensure that it’s a legitimate site. Even if the URL seems to be legitimate, they should avoid clicking it and providing their login information. Instead, they should open a new browser tab and directly enter the URL to ensure that it goes to a reputable site.
Don’t Share Personal Information ¶
Older adults should take care when providing information about themselves online, whether through messages or social media posts, if it could be useful in answering security questions to guess passwords. Also, they should never share sensitive data digitally, keeping in mind that legitimate government and financial institutions won’t ask them to do so.
Older adults should contact the company to verify a message’s authenticity before providing information such as:
- Account information
- Birth date
- Government identification numbers
- Password
- Username
Ignore Questions ¶
Recipients of messages with any of the warning signs of scams targeting seniors should pause before taking action. Cybercriminals often lure their victims into quick responses by setting artificial time limits. Providing any response to questions confirms to the hacker that an account is active, so ignoring questions from unknown sources is the best bet for phishing prevention.
Phishing Scam Resources for Older Adults ¶
Resources are available to help older adults and their loved ones learn more about how to guard against scams on seniors—and what to do in the case of a suspected phishing attack.
Where to Learn More About Phishing Prevention ¶
Government agencies and organizations that assist older adults provide information to help seniors protect against and spot phishing schemes.
- AARP Fraud Watch Network: Provides tips for protecting against phishing and other scams and provides updates on current concerns and law enforcement alerts.
- FTC: Presents information and materials about the warning signs of scams, how to avoid them and where to report them (available for download and ordering).
- National Council on Aging: Offers information and events about various fraud targeting older people, from text messaging to payment scams.
- Cybersecurity & Infrastructure Security Agency: Connects people to organizations that assist with phishing prevention and complaints and provides downloadable resources on issues ranging from cybersecurity while traveling to social media use.
Where to Turn if You’re a Phishing Victim ¶
Older adults should learn where to turn if they become victims of phishing, so they’re prepared to report any incident of suspected fraud. The following are some places to report these concerns:
- Consumer Financial Protection Bureau: Lists answers to a host of questions about scams, including what to do in the case of identity theft.
- FBI: Offers an Internet Crime Complaint Center (IC3) where people who believe they’re victims of online fraud can report the incident.
- HelpGuide.org: Provides information about scams against older adults and how to watch for them, explains where to report the crime, and notes the details that the victim should be ready to share about the incident.
- Office for Victims of Crime: Offers information about elder abuse and an initiative to combat it, as well as a hotline for reporting fraud against older people.
Prevent Phishing for Yourself and Your Loved Ones ¶
Learning how to prevent phishing attacks is an important step for older adults and those who care for them. By understanding the warning signs, taking preventive action and finding out where to turn for help, they can help guard against the thousands of dollars in loss that typically result in phishing attacks on older generations.
Infographic Sources:
Federal Trade Commission, How to Recognize and Avoid Phishing Scams