The web can be a rich source of information, connection, and community for older adults—something that became even clearer during the COVID-19 pandemic. But as with any public space, you need to be aware of your surroundings. There are many online scams that target older adults, and their number and sophistication continues to grow. In 2022 alone, the Internet Crime Complaint Center (IC3) reported that 88,000 people age 60 and over collectively lost $3.1 billion dollars to internet fraud, with cryptocurrency and technical support schemes topping the list of complaints.
“Cyber criminals prey on older adults for a simple reason,” explained Genevieve Waterman, NCOA’s Director, Economic & Financial Security. “And it’s because they are more likely to have money, earned during a lifetime of employment.”
Perceived memory issues and a sense that older adults are more trusting play into it, too, she said.
Cyber security tips for seniorsBut you don’t have to resign yourself to becoming a victim. Scammers may be sophisticated—but there are smart ways to safeguard against them. Think of cyberspace as the freeway: you have to navigate it defensively. Just like fastening your seatbelt, using some basic internet safety practices can help ensure that your online experience is safe and enjoyable. We’ve outlined four top cyber security tips below.
1. Don’t click on links in emails from unfamiliar senders. Be wary of any strange or unexpected messages, even if it's from someone you know.Emails, text messages (or SMS), and social media posts can all contain malicious links. Spam or malicious emails are by far the most common method attackers use to deliver malware or phishing links. Phishing links take you to sites that gather your personal and financial information. Malware, short for “malicious software,” is software intentionally designed to damage or gain unauthorized access to a computer, server, or network. Malware has the power to destroy files and steal your personal information. It can even impact the performance of your computer.
Here’s an example of how a malware attack works: The attacker sends you a message prompting you to click a link. The message looks professional and legitimate. It might advertise deals that look too good to pass up or convey an urgent request for information or payment. Clicking on the link downloads malware onto your system. Once your phone or computer is infected, the attacker uses your personal contact list to send out more malware directly from your account.
How do you avoid malware attacks and phishing scams? Don’t click on links sent through email, text, and social media from people you don’t know. Be especially wary of emails urging you to go to a website and provide personal details. If a message looks suspicious but appears to be from a business or person you know and trust, check with them before clicking or go directly to their website and contact them that way. It’s not rude—it’s smart. If you want to click with real confidence, be sure to have strong security software installed on your phone, laptop, or desktop computer.
“One thing to keep in mind is that scammers always push victims into feeling like they have to act immediately. They hope to pressure victims into making rash decisions. Don’t be duped by this ploy," said Emma McGowan, a privacy and security expert at Avast.
"If you ever feel pressured to click on a link or pay some money, step back and assess the situation,” she continued.
2. Don’t open any attachments unless you know the sender and were expecting them to send it.While attachments to an email may appear to be harmless, they could contain malware designed to launch an attack on your device. These attachments can be disguised as run-of-the-mill Word documents, PDFs, e-files, and voicemails. Don’t open any attachments you aren’t expecting or that are from an unknown contact—especially if they have the extension .exe or .zip. If the file(s) appears to be from a friend or family member, reach out to them to make sure they’ve sent you something.
Even if you get an attachment protected with a password, that password doesn’t mean it’s not malicious, and it won’t protect you. You should still be cautious and check with the sender. This internet safety rule also applies to attachments sent via text messages (or SMS) and social media.
And one more thing about social media: Scammers often create duplicate (fake) accounts using names and photos of people you know, then send a friend request. If you get one of these requests, reach out to your friend before accepting; chances are, it’s not legitimate and you should delete it.
3. Ignore unsolicited phone calls and “robocalls.”Treat any unsolicited phone calls with skepticism—even if the phone number or name on your caller ID looks familiar.
“Advances in technology mean that phone scammers can easily “spoof”—or mimic—numbers that don’t belong to them,” Waterman said. “They might be calling you from another continent, but the number you see shares your area code, or looks like it’s from a local business. The person on the other end of the line is banking on the fact that you’ll pick up because the call seems legitimate. And once that happens, you’re immediately vulnerable to voice phishing.”
Voice phishing scams use sophisticated phone technology and are a common way for scammers to defraud seniors. What is voice phishing? When you answer the phone, a live person or recorded voice gives you false information that sounds important and time-sensitive. They may claim to be a young relative in trouble or say that your car’s warranty is expiring, and payment is required. Or, the caller may claim to be from “tech support” and tell you, falsely, that your computer is infected with a virus and you need to get it repaired. They may then request remote access to your device—or require you to pay a fee. You may be asked to provide personal information, which could be used later to steal your money or your identity. The person on the other end of the phone may try to pressure you—or even use threats.
Keep in mind that government entities, such as the IRS, will never call you asking for sensitive information. And technology companies won’t call you out of the blue to offer you technical support or assistance. Avoid giving money to someone over the phone, especially wire transfers, gift cards, and fines or bail. The best thing to do is to pre-screen all your calls, even if you’re pretty sure who’s on the other end of the line. Any friend, family member, or organization with a legitimate need to call you, will either leave a message or try again.
And if you do pick up and hear a recorded voice, the next best thing you can do is say nothing and hang up.
4. Don’t respond to or click on pop-up windows on your phone or computer.Screen pop-ups are another way to scam older adults. A common pop-up ploy is scareware. This is a malware scam technique that uses pop-up security alerts and other tricks to frighten you into downloading or paying for fake software disguised as real cybersecurity protection. How does scareware work? An “urgent” pop-up window appears on your computer or phone, telling you that your device is compromised and needs repairing. When you call the support number for help, the scammer may either ask for remote access to your computer or request a fee to fix it.
Another malware technique is to use deceptive “Close” or “X” buttons, which automatically install a virus when you click on them. If you’ve accidentally downloaded scareware onto your device, delete the downloaded file immediately. It’s also a good idea to install genuine antivirus software that can remove any harmful remnants of the malware.
5. Don’t conduct any transaction involving personal information while using a public (or unsecured) network“This advice is less specifically about scams and more about online safety overall,” Waterman said. “Public networks are crawling with scammers just waiting to intercept your passwords, bank account numbers, and other sensitive information so they can use it later to steal your money or identity. And it doesn’t require them to fool you into giving it up. They just take it.”
If you often rely on public WiFi and need to make purchases, log in to your financial institution, check your medical record, or other activity involving personal information, consider setting up a virtual private network (VPN) to protect yourself. Otherwise, wait to do these things until your internet access is firewalled (secure).
You can further safeguard your mobile device from intrusion by protecting it, and any apps on it, with a PIN number or biometric recognition (such as touch ID or facial recognition).
How to take action to prevent online scams that target older adultsInternet safety for adults is important, but it doesn’t have to be stressful. Awareness is a powerful first step in protecting yourself. Another item on your personal cyber security checklist should be installing trusted antivirus software to protect you and your device. There are a number of reputable options available for free on the web.
Lastly, if you think you’ve been the victim of an online scam or cyber attack, be vocal about your experience. You’re not alone—and there’s no reason to feel embarrassed about what happened. Immediately contact your local police and your financial institution if money has been taken from your account. You can also report the scam online to the Federal Trade Commission (FTC).
This content on personal security was developed in partnership with Avast. Learn more about Avast’s privacy and security software and how it can help protect your information and data.