When people think about cybersecurity threats, Stephanie Helm said, they often think only about the technical side — the ways in which electronic devices can be compromised and data stolen.
They sometimes forget about the human side of the equation — but that’s where older adults are often especially at risk.
“There’s a technical vulnerability that can be exploited, whether it’s somebody’s password, exploiting a vulnerability because they failed to update the device to include a patch, or maybe they’re using an unsecured WiFi when they’re in a public location,” said Helm, director of the MassCyberCenter. “So there’s a technical component that everyone using the internet is facing today.”
Just as critical, however, is what she calls the “social engineering of the individual,” where a victim willingly divulges information based on the fact that somebody’s engaging them in a personal way.
“These are professional people who know how to hit those emotional buttons and continue that relationship with the hope that somebody is going to divulge information.”
“Older folks might not have the comfort level with the technology to secure their information,” she said, “and they may be more vulnerable to the social engineering.”
Helm shared these thoughts and others during a webinar presented last week by LeadingAge Massachusetts, titled “Cybersecurity: Helping Older Adults Stay Safer on the Internet.” She joined Rubesh Jacobs, managing director of 24/7 Techies USA, and Judy Miller, director of Technology and Accounting for Kendal at Oberlin in Ohio, to discuss the reasons seniors are increasingly falling prey to online and e-mail scams, and what can be done about it.
“The number of scams leading to financial loss has been dramatically increasing since 2019,” Jacobs said, citing a Federal Trade Commission (FTC) report that the number of online scams tripled between 2019 and 2020, outpacing phone-call scams — which actually declined slightly — for the first time. Meanwhile, e-mail scams more than doubled.
“The acuteness of that spike is shocking,” he added. “We’ve also noticed this trend in our own call centers; 28% of calls we get for help are somehow related to fraudulent activities online.”
According to the FTC, Americans age 60 and up are falling prey to tech-support scams — in which someone poses as a computer technician to gain remote access to the victim’s computer — about 475% more often than those ages 20 to 59. (By contrast, the younger group falls victim to online-shopping scams 60% more often than seniors.)
“Senior citizens are really in that nexus where a criminal can get at them through technical means, or they can get at them through social engineering” — and often a combination of both, Helm said. “The protections you put in place have to look at both of those aspects because you’re not quite sure which of those things a person might be most vulnerable for. I think that’s really troublesome.”
“Seniors lose an average of $500 or more when they’re scammed, sometimes due to the fact that they are often trusting and polite, they own their own home, and they have good credit, so they make a good target.”
Effective cybersecurity, she explained, considers people, processes, and technology working together to make someone more resilient and likely to recognize scams.
“The components of social engineering are worth thinking about,” she added, noting that a scam might begin with a realistic bot, either on the phone or online, that shifts over to a live scammer if the victim responds.
Those victims, Helm said, are often lonely and want to talk to someone, or they’re trusting and grateful that someone wants to help them solve a problem, which is why scammers try to establish trust.
One reason for the recent spike in cases is that many older adults were much more isolated starting early in 2020, with family members avoiding most visits until after COVID-19 vaccinations arrived, she noted. But families do need to engage with these topics. “Having an ability to ask questions or to talk about things they’ve been presented with in a safe manner is really important.”
But seniors are far from the only victims, Helm said. “If they continue the engagement, these are professional people who know how to hit those emotional buttons and continue that relationship with the hope that somebody is going to divulge information.”
It Takes a Village
Miller has worked for Kendal Corp. for 28 years, so she’s seen these threats evolve at her own facility, which offers units for independent and assisted living, memory care, and skilled nursing.
“Seniors lose an average of $500 or more when they’re scammed, sometimes due to the fact that they are often trusting and polite, they own their own home, and they have good credit, so they make a good target,” she explained. “They have also been falling prey to cyber incidents because of their increased use of the internet.”
Scams that have targeted her residents have taken many forms, from imposters posing as legitimate government agencies or companies requesting payments to fake but attractive offers for gift cards, and much more. Most originate from e-mail, she noted.
When Jacobs asked Miller how often she hears such things, she responded, “it’s almost more important how much we don’t hear about them.”
To make sure people stay educated, if she hears of a scam targeting a resident, all residents are alerted, and some tech-savvy residents will even spread the word themselves if they encounter a scam attempt. “It’s really engaging the entire community to help each other in preventing some of those things from happening.”
Once a scammer gains someone’s trust, Helm said, they often introduce an element of urgency — the idea that the victim has to act now to get a deal or avoid a penalty or legal trouble.
“We should talk about how these scams exist and give senior citizens the confidence that they can recognize when this doesn’t make sense and avoid that sense of urgency to act, because that’s where you make a mistake,” she explained. “It’s perfectly acceptable to say, ‘I do all my business by mail — put a letter in the mail to me, and I’ll respond to you.”
But it’s easier said than done, she admitted, especially at a time when many seniors — and younger people, for that matter — have been more isolated than usual.
“I think it’s difficult for anybody in society to be fully armed and resilient. I feel if people become isolated in their old age and are not as familiar with some of the technology, they can get intimidated. So this is an area where we’re trying to see if we can be more helpful to them.”
Family members can help educate their older loved ones by asking gentle but probing questions about what may be going on, the webinar participants noted, and encourage residents of senior-living communities to call an administrator if they encounter a suspicious e-mail or think their information may have been compromised. And, of course, they should emphasize the importance of protecting passwords and other sensitive information, not clicking suspicious links, and shopping only at reputable, well-known websites.
“If it sounds like it’s too good to be true, it probably isn’t true,” Helm said. “I like to talk with senior citizens about having confidence in the skeptical skills they had throughout life. These are scams that happen to be on a computer, but they’re scams we grew up with since we were kids — bait and switch, or acting like an imposter.”
She takes a broad view of threats, having served in the U.S. Navy for 29 years. After her retirement as a captain, she taught military operations, specifically on integrating cyberspace operations into wargames.
“That was an opportunity to talk about how cybersecurity or cyber operations can affect operations that you traditionally would not think they would impact,” she explained. Now, in her role with the Mass Cyber Center, she knows there are few areas cybersecurity doesn’t impact — and that older Americans are often especially at risk.
“Today,” she said, “we all know this has great consequences to our daily lives.”
Joseph Bednar can be reached at [email protected]