Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
How to Protect Vulnerable Seniors From Cybercrime
According to the FBI, people over the age of 60 lose more money to cybercrime than any other age group. The good news: Safety is only three main tips away.
I walk my dog in the mornings with a group of senior citizens, and they like to ask me questions because I "know" computers. Whether I "know" computers is highly debatable, but their questions made me realize how vulnerable older adults are to cybercrime and fraud.
The amount of money lost to cybercrime by American citizens is staggering. If you break down the losses by age group (per the 2017, 2018, and 2019 FBI Internet Crime Complaint Center reports), people over the age of 60 lost more money than every other group — usually more than several age groups combined.
What's particularly sad is this number is almost certainly much higher than we know. An AARP study estimates only 25% of senior fraud victims report the crime.
Many victims are embarrassed or worried family members will think their judgment is impaired or pressure them to give up control of their financial affairs. Many of them lived much of their lives and careers without computers, so they often aren't as aware of practices that can keep computers safe, such as patches and updates. And seniors will continue to be targeted more than other groups because they tend to have more money after a lifetime of earning and saving.
Older adults are a diverse group of people, so it's wrong to make wholesale assumptions about their knowledge. But the statistics show we need to help educate them on ways to stay safe online.
The FBI, local law enforcement, and other groups all offer some good resources to help educate seniors. The ECCouncil recommends some common-sense guidelines and says "this time it is the younger generation which needs to educate their parents."
Everyone who "knows" computers has had to do tech support for older friends and family. The next time Aunt Grace asks you to come look at her computer or your church group asks you to update their website, use that as an opportunity to start a conversation about staying safe online. Let's start talking about the resources available to seniors to avoid becoming victims of cybercrime and fraud.
As a starting place, here are three topics you could discuss with an older loved one.
Responding 'Out of Band'
Seniors are the recipient of a disproportionate number of phishing emails and scam calls. Remind them to make it a habit not to trust any initial contact. This will short-circuit a slot of fraud attempts.
Tell them: If a caller says they are from your bank, hang up, look up the number, and call back. If an email tells you your account is compromised, look up the URL of the website and open a new window to sign in.
And remind them: "Hover before you click!" If the link doesn't look legitimate, it probably isn't.
Multifactor Authentication (MFA)
Explain MFA and how to enable it whenever possible. MFA via an app (like Google Authenticator) is preferable to SMS, but any MFA is on balance a good start. Talk about how it increases their security because even if someone does guess their password, the account remains secure because the bad actor won't have the other factor, like a one-time password or their fingerprint.
Password Hygiene
Discuss why they shouldn't reuse passwords — how if their username and password are stolen in a breach at Company A, scammers will try that same username and password combo at dozens of other sites, including online banks and credit card sites. (With 65% of people reusing passwords, the odds are good they'll get lucky.) Explain why complex passphrases rather than shorter passwords are the current best practice, and maybe even talk about using a password manager.
Older people are disproportionately the targets of cybercriminals. But they are fighting back: At the age of 95, former FBI director William Webster helped get a scammer convicted. Let's help them win.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024