As the baby boomers continue to move further up in their golden years, cyber thieves are seeing a golden opportunity of their own to defraud these older citizens.
Contrary to popular perception, the retiree set is not necessarily without cyber savvy. But, due to a variety of factors, fraudsters are exploiting the insecurities and isolation of the elderly to steal their money and their personal and financial information. Especially now, during the pandemic, older people are more apt to be limited in leaving their homes and are therefore more dependent on phone, text, email and the internet for financial as well as business and personal communications.
Michael B. Cohen, global vice president of operations for MyChargeBack, a consumer advocacy group that helps people recover money lost to online scams, says that financial elder fraud has increased dramatically this year, and expects this trend to continue into 2022. “The COVID pandemic-driven surge of online activity – from shopping to banking to education – has been a boon for fraudsters as well,” Cohen adds.
In 2020, senior citizens lost more than $600 million to fraud, according to estimates from MyChargeBack, as “elder fraud continues to break all-time records across almost all categories of fraud,” says Cohen. And that’s a very modest estimate. The FBI estimates that U.S. senior citizens lose more than $3 billion annually to fraud overall, with schemes that target low-income older adults as well as wealthy seniors.
“The older population presents an ideal victim profile to be targeted,” according to Nick Santora, CEO of Curricula, a security training firm.
Federal Trade Commission statistics estimate that this year so far online shopping scams rose by a whopping 129%, business imposter scams by 88%, investment scams by 84%, tech-support scams by 55% and sweepstakes and lottery scams by 35%, Cohen points out. And given the relative higher net worth of boomers, fraudsters are often taking them for greater amounts; the FTC found that seniors were losing an average of $500 to computer tech support scams alone.
“Financial services fraud among the elderly is certainly a pressing issue, just like sweepstakes calls and other scams, with the ultimate goal to tap into the financial reserves of a vulnerable population,” says Steve Winterfeld, head of global cybersecurity and edge services for Akamai. Since older people are more likely to have larger savings and investment accounts, own a home, and possess other valuable assets, they are choice targets for wily cybercriminals.
“And for those who are online, it’s no surprise that financial services phishing attacks would be permeating more broadly than other age demographics,” Winterfeld says. As a result many of Akamai’s FSI customers are deploying both technical solutions to mitigate fraud, and launching customer education initiatives to encourage customers not to reuse passwords or click on a link rather go to a company website and log in directly.
Sadly, the holiday season provides a particularly ripe opportunity for scam artists to ply their trade with senior citizens, who may find themselves cut off from family or friends and vulnerable to a host of digital tricks – from romance and charity scams, to fraudsters who pretend to be with the IRS or the Social Security Administration. “No senior wants to compromise his or her Social Security" benefits, Cohen points out, adding that there are a broad range of Social Security scams currently. In most cases, they feature imposters claiming to be from the Social Security Administration who coerce seniors into handing over their bank account or credit card numbers, by phone, email or via spoofed websites.
“A common scam during the holiday season is asking for donations,” Santora points out. “It’s a prime opportunity for bad actors to prey upon the giving nature of elderly people looking to make a difference.”
Credential stuffing attacks, which are becoming increasingly popular in the financial sector, are commonly deployed this time of year, according to Winterfeld, who says the theft of login and password remains the most common attack on seniors especially. Typically, the victim will receive a “your account has been compromised” communication, enticing them to enter their credentials on a fake login page; oftentimes, the attacks will say there’s an issue with a gift order or package delivery, again leading individuals to enter their information on a fake company or delivery website page, he adds. There were more than 3.4 billion credential stuffing incidents in the financial services sector last year alone, a 45 percent jump over 2019, according to Akamai data.
For FSIs, the best they can do is keep promoting cybersecurity hygiene and awareness to all their customers, and practice their own due diligence — especially when a request can seem suspicious. For example, Cohen points out, since scammers often favor payment by bank wire, FSIs might examine more carefully when senior customers request a bank wire be sent to a beneficiary, especially when that is out of character for the customer’s account.
“The FSI should carefully review who the beneficiary is to ensure that it is someone the client personally knows or, if it purports to be a service provider, that it is a legal entity operating in full compliance with the law,” Cohen said.
MyChargeBack has returned $20 million to consumers defrauded online via credit, debit and cryptocurrency transactions.