Overview

Criminals often use email phishing scams to steal money and personal information. People of all ages can stay safe by following a few best practices. For example, never click a link within an email or download an attachment if the message was sent from someone you don’t know—even if, at first glance, it looks to be from a legitimate source.

Phishing emails have been around since email took off in the mid-1990s, and scammers continue to innovate new ways to “reel in” potential victims. 

These scams can take many forms, from messages that appear to come from banks or government agencies to urgent pleas from someone pretending to be a family member in distress.

Email scams are constantly evolving, so knowledge is your best defense. Let’s explore how phishing scams work, why older adults are often targeted, and the steps you can take to protect your inbox.

Understanding phishing email scams 

In a phishing email scam, a fraudster may pose as a reputable institution—such as a bank, subscription service, popular retailer, or government agency. Or, the fraudster may pose as a friend or stranger in need.

From there, they prompt you to share personal information (like your Social Security number, address, or password) or financial details (such as a bank or credit card number), which can then be used to commit identity theft or financial fraud.

How do the phishers use email to capture your info? Some scam emails prompt you to download a file that harbors malware (short for malicious software). Some malware is designed to steal data or otherwise damage or spy on your computer system.

Other bogus emails include a link to a phony but legitimate-looking website, which may prompt you to enter sensitive personal or payment information. 

Phishing schemes commonly play out over email; however, keep in mind that phishing can also occur on social media and over the phone (either through voice calls, also known as “vishing,” or text messages/SMS, also known as “smishing”).

How email scams impact older adults 

Anyone with an email address is at risk of receiving phishing emails, but according to the Federal Bureau of Investigation (FBI), Americans 60 and older are hit hardest by cybercrime, including email attacks. 

Data from the FBI shows that in 2023, nearly 3,000 seniors reported losing money to phishing-related scams—but the true number is likely much higher. 

According to Marilyn Mott, Community Outreach Director with the Better Business Bureau, many fraud cases (maybe even the majority of them) go unreported. 

Quick Tips

What to do if you’ve fallen for a phishing scam

If you think you may have taken the bait from a phishing email, don’t panic—and don’t ignore it. Here’s what to do next:  

If you’re an Allstate Identity Protection member and you suspect identity theft has occurred, give us a call. Our experts are available 24/7 to help you recover.

How to spot phishing emails

According to Mott, these three common scam types often target older adults via email:  

  • Imposter scams: Phishers may pretend to be a representative from a service provider (like Netflix, Amazon, or Apple) who’s notifying you about a change or an error with your account. You’re prompted to enter credentials or payment info, but if you enter details, they could be captured by the scammer. 

  • Family emergency scams: A fraudster may claim to be someone you know who’s in trouble and needs help—but it’s all a ruse to capture your money or payment information.  

  • Lottery scams: Scammers email to say you’ve won money or another prize, but you need to pay a small “processing fee” to accept your winnings. They may take your money, but they’ll never send a prize.  

Regardless of the setup, there are a few red flags that should tip you off:

  • Misspellings, grammatical errors, and blurry images or logos can all signal that a message is a fake.  

  • Urgent requests for money should be regarded with suspicion. Legit institutions won’t sound desperate for payment, and it’s unlikely that a real friend would ask for help this way.  

  • “Corporate” messages deployed from a non-corporate email provider, such as an @gmail or @yahoo address, can be another red flag. 

  • Requests that money be wired or sent via gift card should be ignored; those modes of payment are hard to recoup should fraud occur, notes Mott. 

How to protect your email inbox

Aside from knowing the warning signs, what can you do to stay safe?   

  • Approach any unsolicited emails with caution—especially those that include a link or attachment. Do not download anything from a person you don’t know (even if it appears to come from an organization that you trust). And if you receive an email from a friend or family member that seems at all out of character—or lacks context for a link or download—delete the email and move on.  

  • Be cautious when sharing your email address. Though marketing emails are harmless, reducing the messages you receive in general can ensure you have ample time and patience to carefully examine each one. If your email account is riddled with “spam”—whether that’s marketing emails from your service providers, phishing attacks, or both—consider creating a new email account that you share only with your bank, doctors, and other legitimate institutions.

  • Be wary of any digital requests for confidential information. “Whenever someone is asking you for personal information, it is good to take a deep breath and ask yourself if you know the person asking, why are they asking, and what are they going to do with the information you provide?” says Mott. “Never provide any private info, such as your Social Security number, credit card number, or checking account information unless you know the person or entity you are giving the information to.”  

  • Don’t delay on software updates. Computers and smartphones come with antivirus software, but they require regular updates to stay effective. It may be a hassle to restart your computer after running an update, but it’s better than leaving your computer vulnerable to malware.  

  • Take steps today to minimize damage tomorrow. One of the best ways to do this is to set strong and unique passwords for every account. That way, if you do accidentally share login credentials with a phisher, it’s less likely they’ll be able to tap into multiple accounts. When choosing passwords, use complex codes with letters, numbers, and characters; don’t repeat passwords from site to site; and activate multi-factor authentication for your email account. 

What to do if you’ve fallen for a phishing scam

If you’ve already engaged with a website or email that seems suspicious, don’t ignore it. Immediately disconnect from Wi-Fi, which can help prevent the spread of malware.

Then, change your passwords to key accounts (like to your email account and online banking platforms), and monitor for signs of identity theft and fraud.

If you’re an Allstate Identity Protection member and you think you’re experiencing fraud, go ahead and give us a call. Our representatives are available around the clock to help you take the necessary next steps to protect your identity.