Get Your Free Internet Safety Guide for Seniors

Understanding Common Scams Targeting Older Adults

Scams directed at seniors have become increasingly sophisticated. According to the FBI's Internet Crime Complaint Center, adults over 60 reported losses exceeding $1 billion in 2022 alone, with the average victim losing between $3,000 and $10,000 per incident. Understanding the mechanics of these schemes is the first step in protecting yourself.

Learn About Colorado DMV Appointment Scheduling Options →

One prevalent scam involves romance and relationship deception. Scammers create fake profiles on dating websites or social media platforms, building emotional connections with older adults over weeks or months. Once trust is established, they manufacture a crisis—a medical emergency, business problem, or travel mishap—and request money through wire transfer, gift cards, or cryptocurrency. The emotional investment victims have made in the relationship makes them more likely to overlook warning signs. These schemes often involve requests to keep the situation secret or to send money quickly before the scammer "disappears."

Tech support scams represent another significant threat. You may see a pop-up window on your computer claiming your system has been infected with malware or that your account has been compromised. The pop-up displays an urgent-sounding message with a phone number to call. When you call, the scammer poses as a technician and talks you through "fixing" your computer while actually installing malicious software or gaining access to your passwords and financial information. These scammers may even offer to refund your money if you're not satisfied, building false credibility.

Grandparent scams exploit emotional relationships and urgency. A scammer calls or texts claiming to be your grandchild in legal trouble or facing a medical emergency. They ask you to send money immediately via wire transfer or gift cards, often instructing you not to tell other family members. The scammer may use information from your social media profiles to make the story more believable. Many victims report feeling embarrassed afterward and don't immediately report the crime, allowing the scammer to target other family members.

Prize and lottery scams tell seniors they've won a contest they never entered. The message claims you need to pay taxes or fees to claim your winnings. No legitimate lottery or prize requires upfront payment. These scams can arrive via email, text message, phone call, or traditional mail.

Practical takeaway: When you receive an unexpected message requesting money, contact the person or organization using a phone number or website you find yourself (not from the message you received) to verify the request is genuine. Legitimate organizations rarely demand immediate payment via wire transfer or gift cards.

Building Strong Passwords and Protecting Your Accounts

Your passwords are the primary defense against unauthorized access to your email, banking, shopping, and healthcare accounts. Research from the AARP shows that many seniors use the same password across multiple websites, which means one compromised password puts all their accounts at risk. Creating and managing strong passwords requires understanding what makes a password difficult to crack and how to store that information securely.

Learn About Social Security 1099 Request Forms →

A strong password contains at least 12 characters and includes a mix of uppercase letters, lowercase letters, numbers, and symbols. Rather than using dictionary words or personal information that can be guessed (like birth dates or pet names), consider creating a passphrase—a sequence of random words that you can remember but others cannot easily predict. For example, "BluePenguin47!Lamp" is stronger than "Sarah2024" even though the second is shorter. The randomness makes it exponentially harder for criminals to crack through automated guessing.

Many people create weak passwords because they're easy to remember, but this leaves accounts vulnerable. Instead of trying to memorize complex passwords for every account, consider using a password manager—a secure software program that stores all your passwords behind one strong master password. Legitimate password managers include Bitwarden, 1Password, LastPass, and Dashlane. These tools encrypt your passwords and only you can access them with your master password. While password managers may seem complicated initially, they actually reduce the mental burden of password management.

Two-factor authentication (also called two-step verification) adds an extra layer of protection. With two-factor authentication enabled, someone attempting to log into your account must provide something you know (your password) and something you have (like a code sent to your phone). Many banks, email providers, and social media platforms offer this feature. Enabling it on your email and financial accounts is particularly important, since an attacker who gains email access can reset passwords on your other accounts.

Never share your passwords with anyone, including family members or customer service representatives. Legitimate organizations will never ask for your password. If someone calls claiming to be from your bank or tech company and asks for your password, hang up and call the organization directly using a phone number from your statement or official website. Also avoid writing passwords on sticky notes left near your computer or keeping them in an unencrypted document on your desktop.

Practical takeaway: Start by updating the passwords for your email and banking accounts to use at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols. Consider whether a password manager might help you manage multiple strong passwords across your various accounts.

Recognizing Warning Signs in Suspicious Emails and Messages

Phishing emails are crafted to look legitimate while attempting to trick you into revealing sensitive information or clicking a malicious link. The FBI reports that phishing remains one of the most common ways criminals gain access to personal and financial information. Learning to spot the red flags can prevent you from becoming a victim.

Learn About Senior Programs in Your Area →

A typical phishing email may claim to be from your bank, PayPal, Amazon, or another service you use. The message states there's a problem with your account—unusual activity detected, a payment failed, your password needs updating, or your account will be closed unless you take action. The email includes a button or link labeled "Verify Your Account," "Confirm Your Information," or "Update Your Password." When you click the link, you're taken to a fake website that looks almost identical to the real one. You enter your username and password, and the scammer captures this information.

Red flags to watch for in suspicious emails include misspelled words or poor grammar, which legitimate companies typically avoid. Check the sender's email address carefully—scammers may use addresses that look similar to legitimate ones. For example, an email claiming to be from your bank might come from "customerservice-bankname.com" rather than the actual bank domain. Hover your mouse over links (don't click them) to see where they actually point. If a link says it goes to your bank but actually points to a different website, it's likely phishing.

Legitimate companies rarely ask you to confirm passwords or full account numbers via email or by clicking a link. If you receive such a message, don't click anything. Instead, go directly to the company's official website by typing the address into your browser or calling the customer service number on your statement. Ask whether the email is genuine. Most companies have a way to report phishing attempts—often a "Report Phishing" link or an email address like phishing@companyname.com.

Text message phishing, called "smishing," is increasingly common. You may receive a text claiming to be from your bank, a delivery service, or Apple stating "Click here to update your payment information" or "Your package is being held—confirm delivery address." These texts use urgency and authority to bypass your critical thinking. The same principle applies: if you're uncertain, contact the organization directly using a phone number you find yourself.

Emails from unknown senders requesting personal information, even if they seem to offer something valuable, should raise suspicion. Be cautious of emails claiming you've inherited money, won a prize you didn't enter, or need to claim a tax refund. These may be advance-fee scams designed to get you to send money or reveal information.

Practical takeaway: Before clicking any link in an email or text, pause and ask yourself: Did I initiate contact with this company? Does the sender's email address match the official company domain? Is the message asking me to confirm sensitive information? If you answer no to the first question or yes to the last, contact the organization directly before clicking anything.

Steps to Take If Your Information Has Been Compromised

If you believe your personal or financial information has been stolen, taking prompt action can minimize damage. Time is critical—the sooner you respond, the better your chances of preventing fraudulent charges or identity theft. Understanding the sequence of steps to take provides a clear action plan during a stressful situation.

Free Guide to Understanding Browser Tab Management →

First, if you suspect fraudulent activity on a financial account, contact your bank or credit card company immediately. Most institutions have a

This guide is for general information only and is not medical, financial, legal, or other professional advice. For decisions specific to your situation, consult a qualified professional. See our Editorial Policy.