Every year, cybercriminals steal approximately $40 billion from older adults (senior citizens aged 60 and over) in the United States. Cybercrime can be defined as “any criminal activity in which a computer (or networked device) is targeted and/or used.” Cybercriminals with access to an older adult person’s information via a computer, smartphone, or other networked device, can easily exploit it for nefarious intent, defined as “an act of forcing, compelling, or exerting undue influence over a vulnerable adult causing the vulnerable adult to act in a way that is inconsistent with relevant past behavior or causing the vulnerable adult to perform services for the benefit of another”.
The scope of bad actors targeting senior citizens can be explained by the lack of experience and skills in using computers/technology among the elderly, against the growing popularity of computer systems held by people of the same age, and the fact that most of them have credit cards.
In the past, people in their 70s and 80s hardly ever used computers. Nowadays, people of the same age have social media accounts, surf the Internet, and of course use smartphones.
Unlike their younger counterparts, seniors are less aware of cyber threats and, in many cases, lack the tools and experience to identify attacks and fraudulent attempts. Even elderly people with no access to computers or smartphones can fall victim to cyber-related crime such as in the case where their personal details have been leaked from a database and sold to criminals who can then exploit. Seniors also give bad actors the highest hit rates from phone phishing scams with frequent attempts being compromise of personal information and news of harm/captivity of the elderly’s children.
Most of the crimes against the adult population use a similar pattern as fraud against the elderly with no connection to computers (such as telemarketing of unnecessary services by highly aggressive sales reps).
The criminals will reach out to those people in a non-suspicious manner – sending a legitimate-looking email, offering to connect on Facebook or by using a legitimate website that offers them some vacation or other prize. The criminals will then try to obtain the details of those people. In particular, they will seek credit card and identification details that allow them to use these cards. Another tactic is impersonating a person in need and requesting a transfer of funds.
Recently, the FBI arrested a network of criminals impersonating other people (Captain Garcia of the US military stationed in Syria, for example) who then persuaded their victims – many of whom were elderly – to transfer money to various causes, all of which were fictitious.
Another favorite method of criminals is impersonating “official” entities – government officials, municipalities and various authorities, while exploiting the trust (or innocence) of those veteran citizens and fraudulently obtaining their details.
In addition, this population is exposed to “normal” cybercrime – phishing, infection by malware and theft of personal information. The only difference is that the likelihood of this population recognizing such an attack is extremely slim, as the ability of people in this age group to understand that they have been compromised and to seek assistance is minimal. It should be noted that such attacks can also be carried out against people through their smartphones, which are very popular with this age group. These devices are usually not installed with protection software that could alert the user to malicious websites or warn them of attempts to exfiltrate personal details from the device.
What can be done?
It all starts and ends with education, but this time it is the younger generation which needs to educate their parents. We should remember the warnings they repeatedly told us when we were younger, and echo similar messages back to them, though in a slightly different way:
– Know your friends and enemies: research shows that the elderly are oblivious to cyber risks, so it’s worthwhile explaining to them some basic concepts and providing them with some examples of criminal or fraudulent online activities for them to learn from and avoid.
– Do not open the door to strangers, and do not receive anything from strangers: Any communication from a party that they do not know personally should be treated with caution. It’s wise to assume all profiles on social networks are fake until proven otherwise.
-Don’t tell anyone any personal information – even if you are convinced that you are in contact with an official, or a real person – do not provide credit card details, residential address or social security number – certainly not by email or messenger.
– If there is any suspicion, call “a responsible adult” – if requests are made to provide contact information, it is advisable to consult a person who is well-versed in security to see that the site is genuine. Yes, that person could be your 13-year-old grandson!
– If something looks too good to be true, it’s probably not true – this old adage is just as true in the online world as it is in the physical world. Resist those tempting offers that pop up while browsing for weird apps that install themselves on the mobile device, and avoid those people who offer big, congested “if only” details or who to send you money.
Conclusion
Unfortunately, today’s elderly will continue to be the victims of cybercrime. This phenomenon will likely become worse before getting better as more elderly dable in technology their generation adopts digital means of payment and banking through smartphones. It will probably take years until the generation who “grew up using computers” come of age, and are immune to such scams with their decades of built-in experience and suspicion of every poor girl from Nigeria who needs a hundred dollars a month to buy dresses for school. Until then, watch out for your parents, and help guard them against those they cannot guard against themselves.
Aspen initiative for protecting older users online-
https://www.aspentechpolicyhub.org/project/protecting-older-users-online/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.