The Cyber Security of Older and Wiser

Resent research shows that older adults face increased risk associated with COVID-19. Specifically, this analysis publicised by Columbia University clearly outlines that fatalities due to COVID-19 increase dramatically after the age of 50 and peak for the 80+ group. We also know that men with high blood pressure are most likely to suffer from the new virus. Yet, senior adults are not only vulnerable in the face of the new coronavirus, they are also particularly vulnerable online. As many of the regular activities are shifting to cyber spaces due to the advice to increase social distancing, I tried to gather some information and resources, which hopefully will help you (if you are an older adult) or your loved ones feel more safe online.

Major cyber risks for older adults

So what is special about cyber risks for older adults? Indeed, many of cyber threats faced by this group are similar to the threats faced by the rest of the population, yet, several types of attacks particularly target elderly. According to the IBM Cost of Data Breach Study reports in the last few years cyber breaches mostly target 3 types of data:

  1. Identity data (information that can be used to masquerade as someone) is the most targeted personal data, accounting for 64% of all data breaches.

  2. Financial data (bank account credentials, credit card data) is the second most targeted data and accounts for 16% of all data breaches.

  3. Account data (username/passwords to social media websites, etc.) is a target for 11% of all data breaches.

This means that over 91% of all cyber breaches are after personal information of various types. Unfortunately, older adults are a lot more likely to become victims of adversaries for a variety of reasons:

Elderly are more likely to fall for social engineering scams: I am sure many of us are familiar with those online fraud schemes, where an email (primarily from Nigeria, but could be from other countries as well) is trying to convince you to either wire money somewhere overseas or tells you that you inherited some money asking for personal data. If you think that such schemes are small and lead nowhere, think again - only recently FBI uncovered a large cyber ring, which stole $40 million in total from victims in 10 countries around the globe. I have recently heard at several cyber security conferences that cyber fraudsters are much more likely to go for elderly ladies in case of such scams. The main reason for this is that elderly women tend to be more empathetic to people in need or more likely to follow through with engaging in conversation about inheritance. Yet, social engineering scams "catered" for elderly do not stop there. Here is a short list of potential online fraud variations:

  • Sweetheart scams - one of the most used scam targeting elderly. Fraudsters usually target older adults living alone. They first try to win the trust of an unsuspecting individual and then ask to reveal house address or share bank details.

  • Scams mimicking government services - in many cases fraudsters pose as governmental agencies or officials trying to obtain important personal data. For example, a phishing email may mimic a governmental agency and lead to a website, where victims are asked to provide social security numbers, national insurance numbers (or equivalent tax numbers). Obviously, such numbers are never replaced and in the wrong hands can be used for a variety of fraudulent activities.

  • Healthcare and wellbeing scams - such scams could be either targeting personal information or trying to sell counterfeit drugs. The former scams usually involve cybercriminals pretending to represent medical care workers and ask elderly victims for personal information. In the latter case, the adversaries are taking advantage of the increasing drug costs and sell illegal or counterfeit medication to the older adults. These drugs not only cost a significant amount of money, but also often lead to unexpected and unwanted health outcomes. The latter case may also involve selling or pretending to sell bogus anti-aging products.

  • Funeral scams - as horrific as it may seem, but fraudsters use obituaries to fish for information about the deceased citizens and use this information to extort funds from their families. Again, older adults are much more likely to suffer the consequences of such attacks.

  • Financial scams - here the possibilities are multiple as fraudsters may pose as financial advisors pretending to help their victims to make investment decisions or engage in mortgage fraud. The latter often involves adversaries posing as home repair companies, pressuring the victims to take out equity and use it as payment for renovation services.

  • Lottery scams - these usually involve fraudsters contacting the victims informing them of the lottery win. The fraudsters then send a fake check to the victim's bank account (the check never clears, unsurprisingly) but by the time the bank uncovers the fraud, the adversaries walk away with sizeable payments from the victims, who transfer "fees" or "tax" on the fake prize money.

  • Family scams - as in the case of the funeral scams, here fraudsters take advantage of the elderly's emotions and family bonds. Armed with information from the social media, fraudsters pretend to be the relative of an older adult (often, a grandchild) and ask the victim to help them out with money. Unfortunately, once they receive the first transfer, fraudsters rarely stop and continue demanding money.

  • Work from home opportunities - many elderly citizens fall for online work opportunities. Yet, often times these opportunities are posted by scammers in their bid to obtain personal information for future identity fraud. Since employers often ask for passport numbers, social security/tax numbers, etc., older citizens are often swindled by such scams.

Elderly people are not cyber-savvy, which has several implications, but most important one probably concerns setting passwords. Most password systems require setting rather sophisticated passwords, which are difficult to remember. So, elderly citizens tend to either write down passwords and keep them in places, where they could be easily seen by others or, even worse, ask other people to record or remember these passwords for them. Despite the recent boom in the use of password managers, older adults still feel uncomfortable using such systems to help them create and remember passwords.

Elderly people are often targeted by phone or regular mail: adversaries often use non-cyber mediums to defraud elderly citizens. They often use telephone scams or even send the victim letters by regular mail. Often, they try to get money by pretending to be a the victim's bank, a charity or a relative.

What skills do older adults need to develop to protect themselves?

Recent research from several US universities identified a range of skills necessary for older adults to protect themselves from online threats:

  • Learning to prevent the leaking of confidential digital information to unauthorised individuals

  • Learning to identify malware from non-secure Websites

  • Learning to prevent personally identifiable information (PII) theft via access to non-secure networks

  • Learning to prevent PII theft via e-mail phishing

  • Learning to prevent malware via e-mail

  • Learning to prevent credit card information theft by purchasing from non-secured Websites

  • Learning to prevent information system compromise via USB or storage drive/device exploitations

  • Learning to prevent unauthorized information system access via password exploitations

  • Learning to prevent theft via social networks

Yet, acquiring these skills is not an easy task. The key, as in many cases, is experience. Here are some useful websites, where you might find helpful advice for older adults:

I would also suggest to start with this nice quiz developed by Protect Seniors Online (I actually use a very similar test for my students in class, so it is good for everyone, not only for older adults!).

Take Aways

Older adults are particularly vulnerable to a variety of cyber risks. So, what can one do to improve the odds? Awareness makes a huge difference so reading more on this topic will help you or your older loved ones become more confident online. Also, the golden rule is that if you feel that something is strange, it probably is - so if you are not sure whether an online or phone offer is genuine, by that I mean if you have any doubt at all - leave it and do not engage. It is always better to be safe than sorry.

#cybercrime #cyberrisks #cyberthreats #datasecurity #cyberattack #hacking #risk #infosec #security #ransomware #phishing #dataprotection #informationsecurity #elderly #olderadultscyber