
Personal Cyber Security Resources for Older Adults: Phishing

A guide to building personal cyber security awareness for older adults

Introduction - Phishing:

Phishing is when someone tries to trick individuals into giving up personal information by pretending to be a trustworthy entity over email or text message. Online phishing attacks are a method of obtaining personal or sensitive information from an individual, an organization, or hundreds of people by tricking them into clicking a link or downloading a file in an email. Phishing scams are also purposely directed at older adults because some scammers view older individuals as easy targets.
 

This page will focus on how to identify and avoid phishing attacks in your email and what to do if you think your personal information has been compromised. 

Covid-19

Update April 2020

The U.S. Department of Homeland Security (DHS) published an Alert (AA20-099A) on April 8th, 2020 stating that the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) are seeing growing use of COVID-19-themed scams, including phishing, by cyber attackers.

Examples from CISA and NCSC of phishing email subject lines include:

  • 2020 Coronavirus Updates,
  • Coronavirus Updates,
  • 2019-nCov: New confirmed cases in your City, and
  • 2019-nCov: Coronavirus outbreak in your city (Emergency).

Defending Against COVID-19 Cyber Scams -- Published by The Cybersecurity and Infrastructure Security Agency (CISA) providing tips and precautions against phishing and cyber scams. 

The Cybersecurity and Infrastructure Security Agency. (2020, March 6). Defending against COVID-19 cyber scams. https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams


COVID-19 Exploited by Malicious Cyber Actors -- An alert released by The Cybersecurity and Infrastructure Security Agency (CISA) reporting an increase in Covid-19 themed cyber scams. Also includes a summary of types of cyber attacks and resources for managing different types of cyber attacks.  

Cybersecurity and Infrastructure Security Agency. (2020, April 8). Alert (AA20-099A) Covid-19 exploited by malicious cyber actors. https://www.us-cert.gov/ncas/alerts/aa20-099a

Tips

  • It is safe to open and read any email. Just don't click any links or download any attachments until you are sure it is safe. 
  • Links are text that, once clicked, will take you to a new webpage.
    • This is a link to our Introduction page
  • Attachments are files usually found at the bottom of the email. If you hover over the attachment a download button will appear. 

Gmail attachment

Screenshot captured and markups by Hilary Wang of Google's Gmail attachment icon (2020, April 14).

Tools

If you have a Gmail account:

Google Drive Logo

Logo of Google Drive by Google

Open email attachments in Google Drive by selecting the Google Drive symbol instead of the download symbol. This way software is not being directly downloaded to your computer.

Gmail Download Attachment

Screenshot and markups by Hilary Wang of Google's Gmail attachment icon (2020, April 14).

Holmes, H. (2020, April 3). Phishing prevention and email hygiene. Freedom of the Press Foundation. https://freedom.press/training/email-security-tips/


Have I Been Pwned:
A simple free tool developed by Troy Hunt, an Australian web security expert, to help users “quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.” Pwned, originally a video gaming term, means to be defeated or to get the better of.

Books

Phishing : cutting the identity theft line by Rachael Lininger
Published: 2005 ISBN: 0764584987
Ebook Version 
A technical description of what happens during a phishing scam and step-by-step directions for discouraging phishing attacks and responding to those that may have already been phished.

Phishing for phools : the economics of manipulation and deception by George A Akerlof and Robert J. Shiller
Published: 2015
ISBN: 0691168318

By Nobel Prize–winning economists, this book highlights how the free market is inherently filled with individuals looking to profit and presents dozens of stories demonstrating how phishing affects everyone through manipulation and deception.

Phishing dark waters : the offensive and defensive sides of malicious emails by Christopher Hadnagy

Published: 2015
ISBN: 1118958470

Provides context on the motivations behind phishing attackers and how to spot a phishing email or a cloned website. Also includes examples of high-profile security breaches that were caused by phishing scams.

Phishing - What to look out for

Phishing usually comes in the form of a message, for example an email from an address impersonating a familiar company or someone you trust, like a family member.

The message is meant to convince you to: 

  • Click on a link. 

  • Open an attachment.

  • Install software on your device. 

  • Enter personal information into a website that is designed to copy a legitimate one.

Phishing messages may:

  • Ask you to confirm personal information for an account, such as a password.

  • Say there is suspicious activity with your accounts.

  • Offer coupons for online shopping in exchange for personal information.

  • Ask you to update payment details for an account like Netflix.

Opening an attachment or installing software from a phishing message can install malware on your mobile device or computer without your knowledge. Your device can then be controlled remotely, allowing others to access your information.

Example of Phishing email:

Phishing email example

 

This example was created by the authors of this libguide for educational purposes and does not reflect a real phishing message from FedEx. (April 14, 2020).

 

If You Responded to a Phishing Message
  • Take a picture or write down the suspicious email address and content of the email and the URL or attachment you clicked. 
  • If you clicked on a link, remember the information you entered.
  • Change your account and email passwords from a different computer or mobile device.
  • Keep a close eye on your bank and credit card statements for activity you didn’t authorize.

File a report:
According to the Federal Trade Commission for consumers: 

  • If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
  • If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan to see if malware or a virus was downloaded.

Instructions on how to run a scan for Mac OS 

Instructions on how to run a scan for Windows 10

 
If You Spot a Phishing Message
  • If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
  • Report the phishing attack to the FTC at ftc.gov/complaint.
  • Federal Trade Commission
  • Mark the email as spam.
  • Delete the email.

Phishing attacks: dealing with suspicious emails and messages -- A guide for individuals and families published by the National Cyber Security Centre (NCSC) from the United Kingdom Government outlining what phishing is and what to do if you responded to a phishing message.
 

National Cyber Security Centre (2020, April 2). Phishing attacks: dealing with suspicious email and messages. https://www.ncsc.gov.uk/guidance/suspicious-email-actions

Web Resources

How to: Avoid Phishing Attacks -- From the Electronic Frontier Foundation, an independent nonprofit that works to educate the public and protect online privacy. This guide outlines types of phishing attacks and how to defend against a phishing attack. This article is part of the Surveillance Self-Defense guide, which is translated into over 10 different languages.
 

Surveillance Self-Defense. (2019, October 1). How to: Avoid phishing attacks. Electronic Frontier Foundation.

https://ssd.eff.org/en/module/how-avoid-phishing-attacks


How to Recognize and Avoid Phishing Scams -- Published by the Federal Trade Commission on online security. This article focuses on how to protect yourself online, what to do if you think a scammer has your information, and how to report phishing.
 

Spanish version
 

Federal Trade Commission. (2019, May). How to recognize and avoid phishing scams. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams


Top 10 Financial Scams Targeting Seniors -- An article from the National Council on Aging that provides an overview of types of financial scams used to target older adults. It includes a section on Internet fraud. 
 

National Council on Aging. (n.d.). Top 10 financial scams targeting seniors. https://www.ncoa.org/economic-security/money-management/scams-security/top-10-scams-targeting-seniors/#intraPageNav5


Gmail Is Catching More Malicious Attachments With Deep Learning -- An article by Lily Hay Newman, a senior writer at WIRED specializing in information security, digital privacy and hacking. Talks about how Google is creating tools to better protect Gmail users from suspicious email attachments.

 

Newman, L. H. (2020, February 25). Gmail is catching more malicious attachments with deep learning. Wired. https://www.wired.com/story/gmail-catching-more-malicious-attachments-deep-learning/