Cybersecurity: Why more needs to be done to help older people stay safe online

As populations age, more elderly people are using the internet - but without awareness of the dangers that can be faced online, they're a tempting target for scammers.

Why we're still losing the fight against phishing attacks Danny Palmer explains that it's not fair to blame users for falling victim to attacks when employers aren't doing enough to help. Read more: https://zd.net/31Oiisg

Cyber criminals and fraudsters will always attempt to go after the most vulnerable targets, and not enough is being done to protect and educate the elderly who are among those most regularly targeted by online scams. 

Much is discussed about protecting the workforce online, but as the web-using population ages there's an increasing number of older web users who are using the internet without an in-house security team to help them navigate the dangers posted by scammers. 

Criminals have always targeted the elderly and away from the protections of an organisation with firewalls, anti-virus protection and other security measures, older users – especially those identified as wealthy – are viewed as an easy target for cyber attackers.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

According to figures from UK's fraud and cybercrime centre Action Fraud, there were over 13,500 reported cases of online fraud targeting people aged 60 and over in England and Wales between April and September 2019 alone – and it's likely that this only represents a percentage of all the incidents that take place.

Be it phishing emails, fake invoices or phoney tech support calls, scammers are attempting schemes against people who, in some cases, are the most vulnerable targets.

"It's depressing. I've been in the garden, heard my neighbour get calls claiming to be from Microsoft and I need wander over and say 'hey' and warn them," says Rick McElroy head of security strategy for Carbon Black.

"We still have to take care of people who are under-educated or have to retrofit their lives to technology they didn't grow up with it. You see this across the globe and scammers definitely go after them," he adds.

Some form of cybersecurity training is offered by employers, because the organisation needs to ensure its perimeter is protected against cyberattacks – and even then cyber criminals can still socially engineer victims into clicking links or handing over details with fraudulent emails that look almost exactly like a legitimate request from a real person.

For people no longer in the workforce the challenge of scams is even greater.

"The population of people who'd fall for that is increasing because the population that's ageing is increasing," says Andrew Brandt, principal researcher for Sophos.

"They have email and get the same spam. There's a certain point at which it doesn't matter how ludicrous it looks, there will be some percentage of the population that is going to fall for this stuff, no matter how absurd everyone else can see it is," he adds.

For example, the attacker can claim that a payment needs to be made – sometimes a large one of thousands of dollars – and the victim can be tricked into transferring the funds to a bank account as they're told to, paying for a fake service that never arrives.

Less brazen attackers might tread more carefully, comprising accounts by phishing then exploiting personal and financial data themselves to steal identities, drain bank accounts and commit other acts of fraud. The victim won't often be aware of the scam until it's far too late – if they even notice at all.

SEE: These are the courses UK police are set to take in cybersecurity

While this group is potentially vulnerable, not enough effort is being put into protecting them.

"Sometimes we ignore some of those groups – we need to listen to them. People have different needs, use computers differently. Sometimes when we think about diversity it needs to be about age and how we're building stuff to meet all people's needs. Security programmes don't do enough around that," says McElroy.

That's not to say there haven't been any awareness drives at all – law enforcement authorities including the FBI in the United States and the Metropolitan Police in the United Kingdom, as well as various charities for the elderly – provide advice for older people on how to avoid falling victim to attacks.

But as the population grows older – and more and more services switch to being predominantly digital and online – the issue of cyberattacks targeting the elderly is only going to become a bigger, more damaging issue if something doesn't change first.

MORE ON CYBERCRIME