“My name is Shahryar Hemmati. I’m 24 years old. I’m from Iran. I’m inventor and prober.”
So began a phishing note that appeared in my LinkedIn message center—obviously erroneous, but instantly entertaining. Posthaste, I read on about a mysterious invention he needed to fund for “all people of the world.” If that wasn’t heartwarming enough, the enterprising youngster wanted to establish a company to market his bumptious ingenuity, claiming “my inventions wanna help progress of humanity.” He had a website, too, and my next investment opportunity was a mere click away.
“Thank you,” Hemmati concluded. “Have nice time.”
LinkedIn encourages vigilance among its members, as you would expect. But, it doesn’t seem to thwart the Shahryar Hemmatis of the world. In fact, phishing is on the rise. The Anti-Phishing Working Group (APWG), a coalition of more than 2,000 companies around the globe that advises governments, trade organizations, and other groups, reported that phishing is at a five-year high. There were just under 124,000 attacks in the second half of 2014—and about the same number in the first half of this year.
Importantly, it’s affecting large numbers of retirees and senior citizens. The Stanford Center for Longevity reported that seniors are 34% more likely than those in their 40s to have lost money on Internet financial scams. And, security expert Amy Nofziger of the AARP Foundation who contributes to the AARP Fraud Watch Network—a resource center and watchdog—reports that 1 in 44 fraud cases involving seniors goes unreported.
Are they easy to spot, these links that beg for your click? Sometimes. The top five top-level domains, according to APWG, included .com and .net, but they also included .tk, .pw, and .cf. (Hemmati’s was .a.g—making it a little weirder than most.) And, apparently, only 1.9% of phishing messages contain a recognizable brand name, enchanting you through familiarity rather than, say, the logic of an unbeatable investment. A scam on a professional networking site like LinkedIn can be all the more difficult to detect, but similar unexpected scams thrive in different contexts.
According to Kaspersky Lab, a security software company that runs the news and analysis site Securelist, 2015 saw an uptick in new domain names such as .work or .science that may or may not actually have anything to do with either work or science. When they do, they’re advertising household maintenance, for instance, or distance learning programs for nurses. Color-themed domains like .pink or .red? They’re usually Asian dating sites.
Observers point to messages and ads incorporated into online dating sites as another phishing pond. And, the National Council on Aging notes that emails about a tax refund that appear to be from the IRS ropes seniors in by asking them to “update” their information.
“You would not imagine how many ‘IRS’ cases I have on my desk right now—it is the number one reported scam,” says Nofziger. “The thing we say is that the IRS will never call you from an overseas area code, they will never call you as a first communication about your return, they will not threaten you with foul language, and they will never ask you what your social security number is because the actual Internal Revenue Service already knows what it is.”
As comical as it seems to get carpet bombed by an obviously unprofessional IRS employee, Nofziger says it’s no joke. Seniors, especially older ones, are emotionally and psychologically susceptible to these attacks—which is why they are such frequent targets.
“If you take an 85 year old woman who lives alone and you have a scammer yelling at her over the phone—telling her she’ll be arrested if she doesn’t pay up,” says Nofziger, “she’s going to be scared.”
Addressing common frauds among seniors—from telemarketing to counterfeit prescription drugs—the FBI also outlines how credulity plays a role in what seem like no-brainers to Millennials, Gen X-ers, or even some Boomers on its “Common Fraud Schemes” tips page. Americans born between 1930 and 1950 tend to be “polite and trusting”—too often saying yes to something when they should say no. Or, worse, if they want to say no, they don’t. The AARP Fraud Network and other watchdogs encourage a direct approach that is neither polite nor impolite by having what Nofziger calls a “refusal script.” Tech support scams rank number two on the list and a simple line, for instance, about “I don’t even own a computer, but thank you,” followed by a quick hang-up will do the trick.
The FBI also points out that if older Americans are aware they have been defrauded, they either don’t know how to report it or are too ashamed about the snookering. Devastatingly, some seniors remain silent for fear that their family members will question their mental capacity to be financially independent.
Nofziger says education is the best weapon and beefing up reporting on an otherwise underreported crime is the only way that AARP and others can continue to educate seniors on new scam tactics.
“One of the most common things I hear form seniors is, ‘I don’t want to waste anyone’s time by reporting it. I learned my lesson,’” she says. “Seniors are intelligent and experienced people. They just get taken sometimes by a crook with a line. Reporting is essential if we are going to help them or anyone else not get taken again.”