Online Safety During COVID-19: What Older Adults Need to Know

[ Article was originally posted on https://bootcamp.berkeley.edu/ ]

The pandemic has dramatically exacerbated the risks that older adults encounter online. Faced with the prospect of needing to socially distance long-term, sequestered elders have begun reaching out to friends and family through social media, video chatting and other digital means of connection. 

But as older adults’ tech reliance rises, so too does their potential for risk. The number of cyberattacks has sharply increased over the last several months. In fact, the FBI recently reported that the number of complaints about cyberattacks that they have received often tops 4,000 per day — a 400 percent increase from the numbers recorded in 2019. Many of these attacks have preyed on victims’ pandemic fears to trick them into compromising their digital security; Microsoft estimates that between 20,000 and 30,000 of these “themed attacks” took place daily during April and May. 

Unfortunately, older internet users are often targeted by cybercriminals. As one writer for Cybercrime Magazine explained in an article on the matter, “Unlike many millennials or even baby boomers, seniors often have ‘nest egg’ funds for retirement. They’re less likely to actively monitor their credit. They’re typically very polite and are more trusting. They’re also less likely to report fraud out of embarrassment, shame, or fear that their families may believe that they should no longer live alone.” 

In 2018, the FBI’s Internet Crime Complaint Center reported that individuals 60 and over submitted 62,000 fraud complaints, which collectively encompassed a loss of nearly $650 million (PDF, 1.9 MB). It’s an astronomic loss — and one that appears on-track to increase in upcoming years. According to a 2019 brief from the Aspen Tech Policy Hub (PDF, 316 KB), the number of online scams targeting older Americans has increased by over 400 percent in the last five years. Today, half of all scams against older adults occur online, rather than over the phone or in-person. 

Older adults — and those who care about them — need to be especially vigilant against cyberattacks throughout the pandemic and beyond. Below, we’ve included a few insights on how older internet users can identify, avoid and react to online fraud. 

Identifying Common Attacks

Before we start delving into specific attacks, we need to talk about the general approach that backs most senior-targeted online scams: phishing. 

Phishing refers to any scam that disguises itself as a reputable company to gain victims’ trust and convince them to reveal sensitive personal or financial information. Most threats will feature some variation on this theme — though, as you will see, attacks can vary in their execution. 

Deactivation Scares

Few things are more anxiety-inducing than the subject line of a deactivation email. Typically, it will read something like this: 

Warning! Your Account Has Been Locked

When you open the email, it will tell you that “unusual activity” has been detected in your account and that your account will be deactivated if you don’t take immediate action. It may ask you to follow a conveniently included hyperlink to sign into your account and, in some cases, enter your billing information. 

These messages can be frightening, especially if the scammers pose as an essential contact — say, your utility provider or credit servicer. Our instinct is to follow the link and resolve the situation immediately to avoid disrupting daily life. But that can be a critical mistake. If you click the link and submit your information to a fake site, cybercriminals will be able to steal your information and, potentially, your money. 

Before you respond to a deactivation email, take a moment to assess the email in front of you critically. Do you have an account with the entity emailing you? If so, does the linked URL match the website you would normally visit to manage your account? You must check the URL, as fraudsters may design a fake website that looks reassuringly similar to the real one as a means to deceive you. 

Be safe; if you receive an email that you aren’t quite sure about, ignore the link and check your account as you usually would. Don’t let scammers panic you into a reaction!

Fake Government Threats

No one wants to mess with the IRS or FBI. Most of us go out of our way to ensure that we live within the law and encounter these agencies as little as possible. 

However, some scammers will use our anxiety around accidental rule-breaking against us by sending official-sounding threats via email. These messages will tell you that the government is aware of your supposed misdeeds — these often include offenses like tax evasion, illegal music downloads and pornography viewing — and intends to send you to prison unless you pay them immediately. 

Scammers prey on your fear to get you to compromise your best judgment. To borrow a quote from CSO Online’s Roger A. Grimes, “Even if the thing […] is not illegal, you can often be tricked into worrying that you have been caught. And nothing motivates someone to respond immediately and with uncharacteristic foolishness [like] the threat of jail.” 

Here’s the truth: If someone who claims to be from the government emails you with a threat of jail time and demands immediate payment, they are fraudulent. Don’t pay them! 

Banking Scams

Imagine this: you get a call from your bank. They tell you that they’ve found a problem with your account or claim that a few of the payments you’ve scheduled haven’t gone through. But don’t worry, they say, it’s an easy fix — just transfer the money into another account set up for you. 

Relieved, you give them the information you need to make the transfer and reopen your accounts. You think nothing of the conversation until a few days later, when you check your balance only to realize that the money is gone, and the “representative” you spoke to was a scammer. 

Banking scams like these are an example of vishing, or voice-phishing. These hacks occur when cybercriminals contact you via the phone, posing as a reputable service representative, and trick you into sharing sensitive information. 

Don’t fall for their tricks. If you get a call from someone who offers vague warnings about your account and offers to “fix” the problem by transferring money, hang up the phone! If you’re concerned that there may be a problem with your account, call your bank directly and check for yourself. 

Extended Car Warranty Scams

Telemarketers tend to be unwelcome. But these days, some of them may not even deliver on their unsolicited promises. Some cybercriminals have begun posing as legitimate telemarketers by “selling” extended car warranties over the phone. These frauds often prey on older victims, who tend to be more familiar with and trusting of over-the-phone selling than their younger peers. 

However, the warranties they offer are usually nonexistent — believable enough to fool you into handing over your credit card information during a call, but not tangible enough to provide any coverage. 

Stay clear of these fake telemarketers! If you need to purchase an extended warranty, contact your insurance provider or local dealership for legitimate information. 

Smishing Schemes

Even texting isn’t risk-free. Smishing — a term that riffs on both “SMS” and “phishing” — uses text messages to ensnare victims. A cybercriminal who applies a smishing attack will send a message to their target, warning them of impending charges if they don’t follow an included link to update their information. Typically, these fraudsters want to access your social security number, banking information or credit card numbers. 

Text messages aren’t immune to cybercrime; don’t click links you don’t trust!

Online Dating Scams

All scammers make their money by preying on our fear, insecurities and emotions, but sweetheart scammers are perhaps among the worst. 

In 2019, researchers for the Aspen Tech Policy Hub found that scams conducted on dating platforms resulted in $473 million in losses for older adults (PDF, 316 KB) over the preceding five years — more than any other type of fraud targeting seniors. These fraudsters prey on lonely seniors, gaining their trust and affection before wheedling them out of their life savings. 

This threat is particularly pressing now, as the pandemic has forced seniors to stay isolated from their friends and families. A survey conducted in June 2020 found that 56 percent of people over the age of 50 said that they “sometimes” or “often” felt isolated from others — a rate double that reported in 2018. 

Be careful about who you trust online. If you connect with someone on an online dating app and they ask for money, break off the relationship! You don’t want to find out down the road that someone you cared for took advantage of your trust. 

What to Do if You Are a Victim of a Cyber Attack

If you become — or even suspect that you’ve become — the victim of a phishing attack, you need to take immediate action. 

Recognize the Signs

If you’ve inadvertently clicked a suspicious link or entered sensitive information into a login portal that, in retrospect, didn’t seem quite right, keep a watchful eye on your email and bank accounts! You may notice a few of these symptoms following an attack:

• Unfamiliar purchases or transactions posted to your accounts
• Locked or inaccessible accounts
• Spam email sent from your account

You should also keep a close eye out for identity theft. Hackers who obtain your personal information can use it to commit fraud. Some examples of identity theft include:

• Financial Identity Theft — A hacker uses your personal information to access your bank accounts, commit employment fraud and take out loans or open new credit cards in your name. All of the above can be damaging to your credit score.
• Medical Identity Theft — Has a cybercriminal phished your health insurance? Fraudsters may abuse your information to cover their medical care — and leave you on the hook for any unpaid bills. 
• Tax-Related Identity Theft — If a cybercriminal can get their digital hands on your social security number and personal data, they may be able to submit false tax documents to steal your tax return. 

If you notice anything odd, don’t let the situation simmer! Take steps to protect yourself. 

Change Your Passwords

Has a hacker gotten hold of your passwords? Change them! 

Prevent cybercriminals from doing any further harm by closing off their access to your account. See How to Protect Yourself Online below for more details on what makes a strong password. 

Contact Your Credit Bureau and Banks

Don’t let a bad actor abuse your credit cards. If you notice transactions that you don’t remember or those that take place in states you haven’t recently visited, call your bank to cancel the card and request a new one. 

You may also want to get in touch with your credit bureau to inform them of the breach and contest any outstanding charges or collections that were put on your record without your consent. 

Ask for Support If You Need It

Cybercrime is frightening. It doesn’t matter how old or young you are — when an online fraud takes advantage of you, it’s natural to feel frightened, embarrassed or uncertain. 

You don’t have to go through this alone! Ask a tech-savvy friend or family member to keep you company and provide moral and technical support while you do damage control. 

Disconnect Your Device

You’re already dealing with one compromised device — why let the problem spread? If you’re concerned that hackers may have gained access to your computer, phone or tablet, disconnect the affected device from your network. Doing so will hopefully stop hackers from gaining access to your other digital tools. 

Scan Your System for Malware

The presence of malware — software specifically designed to interrupt, damage or gain access to a device — isn’t always noticeable. It can lurk in your system, giving hackers a doorway into your device and any sensitive information it may contain. 

But don’t worry; you don’t need to dig through your phone or computer by hand. Antivirus programs can help you detect, quarantine and resolve cyber threats. Reputable options include:

• Avast Free Antivirus Software
• Malwarebytes Malware Protection
• Norton 360

Make sure that your chosen antivirus program is legitimate before you install it! Read reviews before you select a product, and only download from the company’s official website. 

Once you’ve downloaded and installed your chosen software, you’ll be prompted to scan your device for potentially dangerous programs. After the scan completes, the antivirus service will tell you whether you have a malware problem and advise on how to resolve it.

These are all steps that you can take in response to a cyber attack. But wouldn’t it be better to avoid cyber criminals in the first place? 

The Basics: How to Protect Yourself Online

Here are a few proactive measures you can take to protect yourself online. 

Use Strong Passwords

How robust is your password? If you’re like the majority of Americans, it’s probably not too hardy. 

According to a 2019 survey from Avast, a full 83 percent of Americans use “weak” passwords — i.e., those that are shorter than ten characters and do not include numbers, special symbols and both upper- and lower-case letters. Even worse, over half (53 percent) use the same password for multiple accounts, leaving themselves at greater risk if a hacker manages to find their one-size-fits-all code. 

Your best practice should be to develop a new, strong password every time you create a new account. If you’re worried that you won’t be able to keep several passwords in mind, use a password storage app like LastPass, Keeper or Dashlane. Or, if you’d prefer to go analog, write your passwords down on a piece of paper and hide them somewhere that only you can find!

Be Careful About Giving Your Information Away

You wouldn’t hand your car keys over to a stranger without cause; why would you give the keys to your online accounts to someone you don’t know? 

Whenever a website asks you for sensitive information — your social security number, banking information, credit card numbers, etc. — take a moment to consider who the asker is and why they need the information. For example, while you might trust your social security number to a credit bureau, you certainly wouldn’t want to give it to an online retailer. 

Err on the side of caution! If you don’t feel right providing your information, don’t do it. 

Delete Emails That Seem Odd

As we’ve mentioned earlier, cybercriminals will often use email to trick victims into following sketchy links or sharing their sensitive information with untrustworthy sources. If an email seems off, trash it! 

If you’re unsure whether an email is legitimate, leave it unread while following up with your service provider via phone or their official website. 

Avoid Too-Good-To-Be-True Deals

It’s a truism of life — if an offer seems too good to be true, it probably is. Take all digital correspondence and interactions with a grain of salt, and don’t be afraid to ask questions if something seems suspicious. Scams fall apart under the pressure of a little critical thinking!

Additional Resources:

• Strategies for Staying Safe and Secure Online — AARP
• 18 Internet Safety Tips for Seniors — Vista Springs Living
• How Retirees Can Avoid Mounting Cybersecurity Threats — CNBC 

How to Stay Safe When Using a Shared or Borrowed Device

So far, we’ve talked about how you can protect yourself on a personal device. But what do you do if the device you use is borrowed or public? 

Public computers are not as safe as private ones. By definition, the public-access computers and internet provided by community hubs are freely available for use and often lack meaningful security protocols.

If you access the internet via a shared network — say, at a library or community center — you may face greater cybersecurity risks than someone who uses their personal computer. In either case, you should follow the basic tips provided above. However, if you rely on a shared device, you should also integrate the below suggestions into your browsing habits. 

Avoid Banking or Shopping on Public Wifi

Any online interaction that requires you to input financial information (routing and account numbers, credit card numbers, banking passwords, etc.) should wait until you are on a secure device. 

If bad actors have — unbeknownst to you — installed malware on a public computer, they may be able to record and use any information you share without your consent. If possible, only bank and shop when you have access to a private device that you know to be safe. 

Remember to Log Out When You’re Done

This point cannot be overstated. When you finish using a public computer, you must log out of every account you signed into. Otherwise, the next person who comes along may have access to your email, or banking profile or any other site you may have used. 

This access can be abused to gather more information about you — or even enable identity theft. Log out when you’ve finished using a public computer, and clear your browser history for good measure. 

Use Extra Authentication for Your Accounts

Still worried about someone accessing your accounts via a public computer? Don’t worry — there are measures that you can take to further protect yourself. 

Multi-factor authentication institutes a redundant login system that only provides access after users verify their identity via two or more methods. For example, if you set up two-factor authentication on your email, a hacker would have to know your password and access the secondary verification method (e.g., a confirmation text on your phone) to sign in. 

The process of setting up two-factor authentication will vary depending on where you want to establish it. Check out the resources below for some common uses!

Additional Resources:

• Two-Factor Authentication for Apple ID — Apple Support
• Two-Factor Authentication for Facebook — Facebook Help 
• Google Two-Step Authentication — Google

Don’t Open Unfamiliar Apps

Remember, you aren’t the only person using a public device. For all you know, someone might have — intentionally or not — installed malware on the computer you’re using. 

If you see an app that you don’t recognize, don’t open it! If you do, you run the risk of inadvertently initializing a malicious program.

That said, if your curiosity drives you to investigate, try searching the program’s name in Google before double-clicking. A cursory search will tell you what the program is, whether it poses a risk and what it might be used for. It’s all well and good to investigate — but make sure that you prioritize your digital safety, first!

What Family Members Can Do to Support Older Adults

If you want to help your older relatives stay safely connected online during these difficult times, make a point to offer your support. Set aside an hour or two to talk through online safety protocols with your family member, explain the risks they face online and point out a few common red flags that they might need to look out for. 

But make no mistake, supporting your older adult friends and family members will require more from you than an hour-long chat. They may need you to answer the occasional technical question or guide them through tricky software installations. Real support is a long-term process; demonstrating it won’t be the work of a single afternoon. 

Additional Resources:

• Keeping Your Family Safe in Cyberspace — ItGresa
• How To Teach Your Parents And Grandparents About Cybersecurity — Cybersecurity Magazine
• How Can I Keep Grandma and Grandpa Safe Online? — SafeWise