Baby Boomers Top List of Hacking Targets

Baby Boomers Top List of Hacking Targets

Seniors are the most vulnerable and valuable to hackers

by Scott N. Schober, CEO and President of Berkeley Varitronics Systems

My parents and elderly friends cannot recall a year more turbulent and distressing than 2020 in their lives. They have lived nearly twice the life I have so that truly says something. As we enter into the year 2021, we can only hope to see a little less political unrest, a decrease in natural disasters and a fighting chance against the deadliest new virus of this century. However, one thing we can count upon is a rise in cybercriminal activity aimed at baby boomers.
According to some 2018 estimates, fraud against the elderly has reached $36 billion per year but that shouldn’t be a surprise. Americans in their sixties have nearly three times the amount of money saved compared to the average American in their forties. These same folks in their sixties have lived through the personal computer revolution but many are not nearly as tech savvy as their younger counterparts. The generation gap has led the elderly into a security gap as well.

phishing derby

Phishing Derby

One of the most pervasive threats to the elderly are phishing attacks. According to the FBI, these targeted scams alone are responsible for approximately $3 billion in theft every year. Scams range from fake sweepstakes to fake tech support to fake grandchildren. A phishing attack doesn’t always come in the form of an email but since email is so cost effective and popular, it has become the choice of cyber criminals. According to Security Magazine, 3.4 billion fake emails are sent worldwide every single day. If less than one percent of phishing targets reply to an email in some way, the cybercriminals have succeeded. Those that have taken the time to reply – even if it’s just to curse out the cybercriminals – go onto a new list of potential victims. This new list is comprised of real people actively using email. It’s also full of responders that can be grifted for personal information that can be sold on the Dark Web and used against them.

Most phishing emails also contain malware attachments or links to bogus websites waiting to steal usernames and passwords from unsuspecting users. Since most users have an Amazon, Facebook or Google account, it’s simply a matter of crafting a fake email that bears a striking similarity to a legitimate email from those companies. The fraudulent email urges recipients to address an issue with their account and includes a login link. Clicking on this link is akin to handing over your password allowing hackers to go to work, stealing personal and financial data, ordering items and even locking the victim out of their own account. Needless to say, if you were not expecting an email from any person or company, never click on any attachment or link in that email. And if there is a need to login to an account for any reason, simply open a new browser window and manually navigate to that webpage. Phishing emails play on our emotions and sense of urgency. Whether it’s a promise for a COVID-19 vaccine or a once in a lifetime investment opportunity, these emails always have an impending deadline that requires immediate action when in fact, most legitimate offers and important decisions in life allow for rumination.

phishing emails example

A King’s Ransomware

Healthcare has moved to the forefront of many minds in the U.S. and regardless of which side of the nationalized healthcare debate you reside on, disturbing trends are affecting us all. In the age of COVID-19, hackers are targeting doctors, patients and even entire hospital systems through ransomware attacks. Ransomware is deployed through malicious code that encrypts the victim’s data on their own computer. The hacker then demands payment (typically bitcoin which is untraceable digital cryptocurrency) in order for the data to be unlocked again. And while ransomware is not isolated only to the healthcare industry, any extortion that puts innocent lives at risk is particularly insidious. Back in September of 2020, a woman in urgent need of medical attention died as a result of ransomware attacks against a German hospital. Internal servers in the Dusseldorf University Hospital were so infected by ransomware that she was turned away even though it was the closest hospital to her location. By the time the ambulance was rerouted to another hospital more than 30 km away, it was too late.

Unfortunately, this will not be the last time someone dies through the criminal efforts of hackers. According to the FBI, ransomware attacks on U.S. hospitals are sharply on the rise this year. Factor in COVID-19 and the lack of ICU beds at this time and you have a healthcare disaster in the making, but what can hospitals, healthcare professionals or any of us do?

I normally recommend that ransomware never be paid but it’s difficult to follow such advice when human lives are on the line. Nevertheless, hackers and criminals make for terrible business partners and that is exactly what you do when you succumb to their ransom demands. If you haven’t already begun a regular data backup regiment, do so immediately. Regular data backups will not only protect you from a hacker’s ransomware, it will also safeguard your precious data from fire, hard drive failure or just forgetfulness. Regardless of the amount of data, if you have been contacted by a cybercriminal who is holding your data for ransom, contact the authorities immediately. Visit the FTC’s consumer information website OnGuardOnline to learn more about ransomware threats and how to report an incident.

kings ransomware

Thick as Identity Thieves

Another sad fact of getting old is death. As seniors approach their final days, many neglect to shore up their digital loose ends. Sure, they might have their last will and testament up to date and notarized but if they’ve ever ordered something on Amazon, subscribed to Netflix or posted on social media, they need to deal with these things as possible liabilities.  According to AARP’s 2020 Identity-Fraud Report, 26% of respondents ages 65 and older said they had been victims of identity fraud. Identity fraud or theft is when a criminal assumes the identity of someone living or dead in order to commit crimes in their name or simply steal data or finances from them. When a loved one dies, not only must their credit cards be cancelled but also all of their online accounts, social media and subscriptions. There is just too much data that can be gleaned from these sources making them desirable to a hacker. The last thing surviving friends and family need is to deal with a criminal stealing from or posing as the deceased loved one.

Identity theft can happen to anyone but since the elderly are more reluctant to report crimes of this ilk, they are targeted more often than younger people. Some seniors have difficulty remembering strong passwords or understanding how digital transactions work and hackers seize upon these vulnerabilities in order to hack their accounts. And unlike younger people, many seniors find themselves dealing with Medicare forms and social security checks on a routine basis. Any physical mailing or email containing a person’s social security number is another opportunity for identity theft to occur so it’s important to shred all documents and secure all accounts that might contain personal data.

identity thieves

Turn the Page

I’ve been presenting best cybersecurity practices to live and streaming webinar audiences for over a decade now so I can tell you that most of these viewers and listeners are tired of hearing the same old warnings about the dangers of weak passwords and social media. More often than not, I find myself preaching to the cyber choir. Last year, I decided to follow my last two cybersecurity books with something directed towards a different audience. Hacked Again and Cybersecurity is Everybody’s Business were both received well by readers but those were primarily colleagues, professionals, entrepreneurs and people driven to secure their digital profiles. My latest book, Senior Cyber was written for the forgotten generation. In fact, the more I spoke to older folks and began researching their plight, the more I realized that not only are they among the wealthiest of targets for criminals, they are also the most vulnerable for several reasons.

My family lost our 99 year old grandfather in 2019 so I decided to dedicate my 3rd book to him by trying to navigate the digital world through his eyes and experience. Like my grandfather, many seniors missed out on the smartphone revolution and are still afraid to jump in. Hands shaking from arthritis and poor eyesight make tiny touchscreens a difficult proposition for many older folks. Couple that with today’s technology and news cycle moving at light speed and you end up with an entire generation of seniors that can feel left behind by the world. I aim to change that by distilling important and complex security topics down to their basics and ending on easy to implement action items and tips to stay safe.

About the Author

Scott N. Schober authorScott N. Schober is an author, speaker, cybersecurity and wireless technology expert and CEO of a wireless technology company. Scott has presented extensively at cybersecurity conferences and has overseen the development of dozens of wireless test, security, safety and cybersecurity products used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. Scott regularly appears on network news programs including Fox, Bloomberg, Good Morning America, CNN, MSNBC, NPR and many more. He is the author of Cybersecurity is Everybody’s Business and Hacked Again, a book (“original hacker’s dictionary for small business owners” according to Forbes Magazine) he wrote after being hacked himself in order to help others learn from his own security missteps. His latest book, Senior Cyber: Best Security Practices for Your Golden Years goes on sale in January of 2021.

Scott can be reached online at @ScottBVS on Twitter and at his company websiteswww.scottschober.com and www.bvsystems.com