Cyber safety and online security have been a growing concern for years, affecting everyone online from social media users and the casual email sender to business owners and large corporations. However, seniors—categorized as individuals over the age of 60— are particularly vulnerable. In the past year alone, we’ve seen the rise of artificial intelligence (AI), as well as the refinement of deep fake technology, making the scam industry more sophisticated than ever before. These advancements, and the perception that seniors are not very tech-savvy or aware of these developments, mean seniors are frequently targeted by scammers looking to capitalize on their perceived lack of knowledge and good financial standing.
So, what to do? Whether you’re a senior, an adult child of aging parents, or just interested in the topic, we’ve interviewed two experts on cyber safety and will be exploring the scam industry in Canada. We’ll cover what technology is being used, current trends in online security and scams, common mistakes, and how to identify a phishing scam or harmful email.
To empower seniors with strategies and best practices to navigate the digital landscape securely, we collaborated with Sean Hiebert, Senior IT Advisor at StillWater IT Solutions, and Larry Keating, President and CEO of NPC DataGuard, to bring you invaluable insights and expert guidance.
Cyber Security Q and A
How have online security concerns changed in the past five years?
SH: Over the past five years, cyber threats have become more advanced. This includes smarter phishing attacks (tricking people into revealing sensitive info), more complex ransomware (software that locks your files until you pay a ransom), and increased threats from Internet of Things (IoT) devices (like smart home devices). People working from home have also raised new security challenges.
LK: Coming out of the pandemic, we saw a rise in supply chain attacks. Those are attacks on the products and online services we use that are infected right at the source. We all have to be careful that we buy products and services from quality companies. What has been the most problematic though is that in the past year, AI has had a profound effect on the quality of especially phishing emails that are now sometimes nearly impossible to discern visually.
Are online security issues evolving or simply adapting to new tools and technology?
SH: Online security issues are both evolving and adapting. New technologies and trends, like AI and remote work, are creating new types of security risks. At the same time, hackers are getting smarter and using these new technologies to launch more sophisticated attacks.
LK: It’s both. Cybercrime is among the most lucrative criminal activities in the world with many cyber gangs and activities being nation-state sponsored. There is a lot of effort being put into improving the efficacy of the threats and the monetization processes. Unfortunately, the more technology we use, the more attack surface we create. Personally, and professionally. The good news, though, is that like an arms race, we are developing more and more amazing security defenses that when properly used are very effective. And they are available and economical for individuals and even the smallest businesses.
How are developments with AI and deep fake technology changing the landscape of online security?
SH: AI and deep fake technology (creating realistic but fake videos or audio) are making scams and attacks more sophisticated. These technologies can create fake content that’s hard to distinguish from real, leading to more effective phishing attacks, misinformation, and security challenges.
LK: AI will have the greatest impact on cyber threats from both an offensive and defensive perspective since cyber crime began. The quality of threats, automation of attacks and speed to deploy new attacks are increasing due to AI. We all need to take the appropriate measures to protect ourselves and our businesses. Using better quality anti-malware and SPAM screening tools that are driven by AI and using multi-factor authentication everywhere (that’s the process of taking a second step to log in after you enter your login name and password) is critical.
How big is the scam industry in Canada and/or worldwide?
SH: The scam industry, especially in Canada, is large and costly. There are thousands of reported fraud cases and millions of dollars lost annually. Cyber attacks on companies are frequent, with a significant percentage of businesses experiencing successful cyberattacks.
LK: According to the Canadian Anti-Fraud Centre, fraud is reported almost 100,000 times per year with an impact of more than $500 million stolen annually from Canadians. But keep in mind it is estimated that only about 10% of fraud and cybercrime are reported. Worldwide, fraud and cybercrime combined amount to multi-trillions (yes, with a ‘t’) in losses annually.
What are the common trends in online security/scams you are seeing right now?
SH: Current trends in scams include financial scams through payment apps, investment scams (like fake cryptocurrency investments), romance scams on dating sites, online shopping scams with fake websites, and more. Scammers are using increasingly sophisticated methods, including social media and employment scams.
LK: Ransomware and phishing attacks remain at the top of the charts. Stealing someone’s credentials to get into their accounts or online services, or stealing their personal details to create false identities is common.
What are common mistakes that you see people make that could be easily avoided or corrected?
SH: Common security mistakes include using weak passwords, clicking on suspicious links in emails, ignoring software updates, not using two-factor authentication, and oversharing personal information on social media. Avoiding these mistakes can significantly improve online safety.
LK: Well, nothing about cyber threat today is easy. But the biggest mistakes we see are those who think they are too small or too obscure to be a target. Everyone who is online is a target. Also, dated equipment and software that is not the latest version or is unpatched is risky. And possibly the worst mistake is not enabling multi-factor authentication (MFA or 2FA) because it is “inconvenient.” Multi-factor authentication is an incredibly powerful threat defense. Along with encryption, it’s one of the best ever.
How do you identify a phishing scam or harmful message/email?
SH: To spot a phishing scam, look for odd email addresses, generic greetings, urgent or threatening language, requests for personal info, spelling mistakes, suspicious links, or attachments, and offers that seem too good to be true. Always verify before trusting an email.
LK: Watch for anything, no matter how small, that is out of the ordinary. Your bank or a service asking for information (your bank never will now), someone is changing where a payment goes, a request to install software on a device, a too-good-to-be-true offer, urgent or threatening language, requests for personal information, generic greetings, and grammatical or email quality inconsistencies. And never click on a link or a document you did not expect. But know that as AI becomes more prevalent, these obvious weaknesses will go away and only superior defensive tools like advanced threat protection and AI-driven SPAM filtering will catch it.
Do you have any advice for readers on how to identify a trustworthy Email?
SH: A trustworthy email should come from a known and correct email address, use personalized information, have consistent branding, correct grammar, coherent content, and shouldn’t pressure you with urgency. Be cautious with links and attachments and verify the authenticity if in doubt.
LK: Do your best to verify the sender. Always look at the sender’s address and ensure you know who they are, and the address is correct, down to each letter in the address. Look for personalization or comments that make sense. Call the sender to verify details. We no longer recommend to our clients sending attachments through email, we recommend a secure portal that both parties log into to share files.
In Closing
In the rapidly evolving landscape of online security, the past five years have witnessed a surge in sophisticated cyber threats, emphasizing the need for heightened awareness and proactive measures. The prevalence of scams, supply chain attacks, and the impact of AI-driven tactics underscore the importance of staying informed and adopting robust security practices.
To navigate this dynamic digital environment, individuals, especially seniors, must prioritize strong passwords, stay vigilant against phishing attempts, and leverage advanced security tools. As technology advances, so must our defences. By embracing multi-factor authentication and remaining cautious in online interactions, individuals can play a crucial role in maintaining a secure online environment.
In the face of these challenges, educating yourself and sharing information is key. By fostering a culture of cybersecurity awareness and adopting emerging technologies, we can collectively work towards a safer digital future.
Takeaways
Takeaway 1
Increased Sophistication of Cyber Threats: Cyber threats have become more advanced over the past five years, with smarter phishing attacks, complex ransomware, and heightened risks from Internet of Things (IoT) devices. The use of AI has made phishing emails more challenging to discern visually.
Takeaway 2
Common Security Mistakes: Strengthening passwords and using two-factor authentication enhances online safety. Avoid using weak passwords and sharing personal information on social media.
Ignoring software updates is a mistake. Ensure you are regularly updating software to help patch vulnerabilities.
Clicking on suspicious links in emails is risky. Verifying the legitimacy of emails and avoiding unexpected links improves security.
Takeaway 3
How to Identify a Trustworthy Email
Check Sender’s Address: Verify the sender’s address, ensuring it is correct and matches known contacts.
Personalization and Consistent Branding: Trustworthy emails often include personalized information and consistent branding.
Avoid Urgency and Verify Links: Be cautious of urgent requests and verify links and attachments before clicking. When in doubt, verify the authenticity of the email.