If cybercrime were measured as an economy, it would be the third largest country, after the U.S. and China, at $6 trillion globally, according to Cybersecurity Ventures’ 2020 special report, Cyberwarfare in the C-Suite.

This chilling statistic relies heavily upon email phishing attacks as the major contributor to so many breaches and data theft. One group of victims stands out as not only the most likely targets, but also among the most lucrative, too.

Senior citizens have survived wars, natural disasters, and even disco, so you would think they might be spared the indignity of being hacked and ripped off based solely on their advanced age, but According to the U.S. Department of Justice, older adults lose more than $3 billion each year to financial scams.

And these scams and correspondences come via the most popular communication format on the planet: email.

Email attacks arrive in the form of many incarnations, including spear-phishing, whaling, catfishing, and other colorful labels, but they all seek to trick users into revealing private data in some way.

Once this data is divulged, hackers can sell it or use it to invade further into the victim’s digital life.

Due to their trusting nature and overall inexperience with the internet, older adults can find themselves the target of daily phishing attacks, but so long as they follow three simple rules, they should be safe from most cybercrime attempts.


1. Never click on any link or attachment in an email you were not expecting. Similar to “never take candy from a stranger,” this rule is pretty straightforward — but imagine the stranger is disguised to look exactly like a loved one.

This is the quandary we have found ourselves in when using the internet as a primary form of communications and transactions. Things are not always as they appear to be.


2. Even if you think the email message you just received is legitimate, do not click on any links within it. Simply type the website URL into your browser (after the first few letters, it will probably fill in the rest for you) so you can be sure you are visiting the real website and not some counterfeit website created to capture passwords from victims.


3. If you already clicked on a link or an attachment in a suspicious email, don’t panic, but stop what you’re doing and take a breath. So long as you did not reveal any confidential passwords or login information to a website you do not trust, you are still safe.

And so long as you did not install any executable files (often ending in .exe or .zip, for instance) onto your computer, you are still in the clear.


If you still suspect you’ve been targeted by a recent phishing attack, you can always check your PC for malware and viruses using antivirus software.

Software like this can also help prevent malware from installing itself onto your computer in the first place, so it’s recommended that you keep running these security programs in the background.

We can all fight back against phishing attacks by reporting suspicious emails to the anti-phishing group at reportphishing@apwg.org or directly to the organization that the email was pretending to originate from.

For instance, if you received an email that claimed to be from PayPal, but it did not look legitimate, you could just forward the message along to spoof@paypal.com. You should then receive a reply from PayPal indicating whether the email was real or not.

Remember, not all suspicious emails are phishing attacks, but not all are harmless spam, either. Considering the number of unsolicited emails and phone messages I receive daily, I’ve developed a thick skin to ignore most of these annoyances.

But it does take a little training and a keen eye to spot some of these targeted spoof emails. If you take the time to study some of them further, you will probably start to see patterns emerge, such as messages regarding medications, insurance, finances, and other common issues that concern our senior population.

It’s important to stay vigilant against hackers and scammers because they are always changing their approaches and messages in attempts to swindle their targets. In the world of digital transactions and communications, trust should never be assumed but rather earned.

We’ve spent most of our lives waiting for letters to arrive in our physical mailbox, so we can wait a few extra seconds before opening and clicking on our emails, too.


Scott Schober is the president and CEO of Berkeley Varitronics Systems, a New Jersey-based provider of wireless test and security solutions, and the author of three bestselling security books: Hacked Again, Cybersecurity is Everybody’s Business, and Senior Cyber. Schober is a cybersecurity expert for live security events, media appearances, and commentary. scottschober.com, @SeniorCyber

Have questions?

We are just a click away!