Why are senior citizens a hot target for cyber hackers?
Cyber hackers have been very much interested in Senior Citizens which raises the question of why? This can be attributed to different factors which come into play. Firstly, Senior citizens are perceived to have huge savings waiting and untouched, it will only make sense for cybercriminals to harness this gold mine. Another factor is they are easier to sway. Senior citizens exhibit high attributes of Trust and Susceptibility as a result of Aging. According to a 2020 research on Trust and Susceptibility in Aging, result pointed that Senior Citizens may be more susceptible to phishing attacks than younger citizens.
Furthermore, as people grow old perceived trust increases while sensitivity to untrustworthy information declines. Senior Citizens easily trust interaction with others according to studies. This brings clarity to why our parents are usually the first to share misinformation on social media platforms like WhatsApp, because of their inability to recognize lies. Avid example for this will be ‘forward this message to 20 contacts to keep your WhatsApp active’ and the other kinds of broadcast messages we receive frequently.
A 2018 study by US Federal Trade Commission on elder financial fraud revealed that Senior Citizens of 80 and older were victims of scams resulting in a huge amount of individual loss compared to other age groups.
Read Also: NCC alerts users as hackers target telcos
We can say that younger citizen compared to Senior Citizens may be more persistent in their susceptibility to most importantly, phishing and other related cyber-attacks. Senior Citizens are susceptible to attacks like identity theft, personal information attacks. Personal information includes names, Account Numbers, BVN, NIN, and Date of Birth, and others alike. This kind of attack is referred to as social engineering attack. Some of the popular social engineering methods include the following.
Phishing (Catch them with a Net)
Spear Phishing (Catch one with a Spear)
Vishing (Convince them to enter the Net)
Smishing (Catch them with another type of Net)
Phishing: Usually the attacker sends an email claiming to be from a reputable source compelling you to perform specific actions. A typical scenario would be receiving an email with a link stating something potentially wrong with your bank account. When the user clicks on the link they see a similar page to login to their Internet banking. This kind of page is mostly fake, set up to harvest your bank account and password for fraudulent purposes.
Spear Phishing: This specific technique is when an attacker would have done prior research about the target. In a typical scenario, the attacker would create an email that appears to come from her bank’s relationship officer or familiar office. This kind of attack is very specific and the victim is more likely to fall for the scam since she recognized her relationship officer as the supposed sender. The user clicks on the link and sees a similar page to their Internet Banking application for transactions.
Vishing: Similar to the other attempts but in this case the attackers try to trick the victim into disclosing sensitive information over the phone. An attacker calling victims and posing to be from their Bank is a well-known Vishing scam. The caller asks for sensitive information like card PAN numbers, 3 digit CVV, and soft tokens while they try to complete fraudulent transactions with the users’ details online. Vishing scams like the one often target older individuals, but anyone can fall for a Vishing scam if they are not aware of this method and skims.
Smishing: This attack is done over malicious text messages being sent to the victims.
A notable mention includes Baiting, this is when a victim is faced with an enticing benefit to lure them into the trap set by the attacker. This is mostly an origin of an attack to distribute malware on the victim’s devices. A baiting scheme usually offers free services, promises, bonus credit in an attempt to get the victim to click on a link or provide sensitive information. This is mostly done through social media platforms like Facebook and WhatsApp. Sometimes baiting could originate from personal contact whose identity has been stolen online. The attacker uses this stolen identity to trick other members into the individuals’ contact, spreading the attack.
How can these kinds of social engineering attacks be identified? Although even the most aware cyber security professional can be socially engineered, it is important to watch out for these flags online. Some of these include;
An Email or Text message asking for immediate assistance
An Email or Text asking you to donate to a charitable cause
A Phone conversation of an unknown contact responding to a question you did not ask
An email or text message asking you to verify your information by providing sensitive information.
Olowu is a Cybersecurity expert currently working with a Nigerian bank