This article is the second in a three-part series on online safety for senior citizens. While the first installment focused on internet safety basics and navigation, this piece relates to phishing and email scams. As a tech skills trainer for baby boomers, my goal is to empower older adults to navigate today’s digital world with confidence. Technology is consistently advancing. As technology advances, preying on senior citizens also continues to advance. I want seniors to feel protected and confident without being overwhelmed by too much information at once. To help prevent information overload, I share bite-sized, micro-learning tips that make learning about online safety more manageable.
Phishing
Phishing.org lists phishing as a cybercrime targeting individuals to trick them into revealing private and sensitive data. Merriam-Webster Dictionary defines phishing as deceiving internet users through deceptive email messages or websites revealing personal and confidential data to be used illicitly; aka, illegally and dishonestly. Phishing is an advanced scheme and is disguised through various paths that include emails and texts, among other avenues.
The following is a short, animated video about phishing and how it can catch people off-guard. This less than 90-second video depicts users’ innocence and visualizes how easy it is to become a victim of phishing which is why I train baby boomers to build a foundation from which to grow when it comes to protecting themselves online.
Phishing is social engineering
When we first started hearing about phishing, most did not relate it to social engineering. Over time, we have learned to associate the two and understand why phishing is categorized as a form of social engineering. Initially, phishing was associated with more familiar terms like scamming or catfishing. The use of the word “engineering” suggests a legitimate profession, such as electrical or mechanical engineering that creates, designs and manufactures systems and products. Phishing is more sinister by fraudulently creating, designing and manufacturing processes to steal information.
Social engineering common tactics include urgent messages such as, “Respond now or your bank account will be suspended,” or aggressive phone calls specifically targeting older adults that are designed to pressure people into revealing personal details. Phishing is often more complex and sophisticated than many people realize; it can have serious consequences. Staying alert and informed is key to identifying potential threats early and minimizing harm. A graphic from Phishing.org identifies 22 red flags to help identify what could be a phishing attempt. When red flags are outlined in a graphic, it can be eye-opening.
Phishing leads to several pitfalls related to stealing data from user accounts on social media for identity theft. This type of social engineering is multifaceted and complex, involving many other ways to disrupt people’s lives. Mitigating phishing risks involves diligence to remain as aware as possible to manage it effectively before losing too much in the process.
Protection from phishing
The good news is that being proactive and informed goes a long way in reducing the risk, helping individuals recognize threats and acting before any real damage has taken place.
The Cybersecurity and Infrastructure Security Agency (CISA) creates cybersecurity and safety YouTube videos. One brief video, Recognize and Report Phishing, highlights what phishing can do and advice to avoid phishing scams in emails:
- Clicking on attachments could lead to your device being infected with malware.
- Links to fake websites are a form of theft to gain access to your private information without your knowledge.
- Be alert to the sense of urgency to act instantaneously with an immediate request in the subject line and in the body of the email to click on a link where the scammers want people to share their personal data.
- Report deceptive and fraudulent accounts by clicking on a “report” or similar button in the email.
- Delete the phishing email by clicking on the trash can icon near the top of the email.
I also share additional phishing protection information with higher ed learners in the classroom and baby boomers through technology events to encourage them with related knowledge on a personal level. Scammers and hackers know how to reach vulnerable individuals. Every email you receive may not be legitimate. Hover your mouse/cursor over the email address of the sender; does it look suspicious or is anything misspelled? Do not open emails from someone you do not know or trust (if the sender’s logo is blurry, that could be a sign of deception). Do not open attachments or links unless you know exactly what they are (if you did not request a document, do not click on it); trust your intuition.
Do not use public WiFi for personal information (banking, accessing health records, entering credit card numbers). Keep passwords secure and do not reuse passwords for ease of remembering them. When online, sometimes it may not be easy to recognize the letter “o” as shorter and round while the number “0” (zero) is taller and oval. Sometimes a zero will replace the letter “o” in a website address which could indicate deceit. Differentiating between the letter “o” and the zero is easy to miss when quickly accessing a website you find online. Hover the cursor over the website address to determine if a website is legitimate (does everything look valid? Is anything misspelled?).
Lastly, here is a quick way to determine if a website is secure or not. When typing the name of a website to access, there will be a circle to the left of the website address and in it there will be a small circle with a dash next to it and the same dash and small circle beneath it. Click on it and there will be a padlock with a secure message next to if it is a secure website. If the website is not secure, a message will pop up warning that the website is not secure.
Think before you act. Are you reacting to an email that claims to be urgent or are you critically thinking before acting? Are you assessing a website to verify its authenticity or are you assuming it must be a genuine website? Thinking critically before acting involves alertness to deceptive emails, followed by reporting and deleting them and assessing websites for authenticity.
As online threats become more sophisticated, staying informed is one of the most powerful tools senior citizens can use to protect themselves. Phishing is not always easy to recognize, but with continued education, practical habits and a cautious mindset, older adults can confidently navigate living in a digital society. Awareness, not fear, is the foundation of online safety. When in doubt, pause, assess and protect yourself.
Featured image by Mohamed Hassan from Pixabay
Edited by James Sutton
