My father is 71. He's sharp, well-read, and spent 35 years as an engineer. Last year he almost wired $4,200 to someone impersonating his bank.
The email was convincing. It used his full name. It referenced his account type correctly. It had the bank's logo and color scheme. It said his account had been flagged for suspicious activity and he needed to verify his details within 24 hours.
He called me before clicking. We checked together. It was a phishing email — a sophisticated one, personalized using data from a breach he probably didn't know had exposed his information.
He did everything right. He still almost fell for it. And he's not unusual — he's typical of how these attacks work against older adults.
The FBI's Internet Crime Complaint Center (IC3) has consistently reported that adults over 60 suffer the highest financial losses from internet crime of any age group. In 2024, losses reported by seniors exceeded $3.4 billion — and this represents only reported losses. The FBI estimates the actual figure is significantly higher because many incidents go unreported.
Why are older adults targeted more aggressively?
They have more savings. The financial reward for successfully defrauding someone over 65 is statistically higher than targeting younger demographics. Attackers follow the money.
They grew up in a higher-trust era. People who came of age when institutions were generally trustworthy developed communication habits based on that trust. A letter from your bank was from your bank. A phone call from a doctor's office was legitimate. These instincts — appropriate for their original context — create vulnerability in an environment where sophisticated impersonation is cheap and automated.
They're less likely to have someone to check with. Younger people often have colleagues, friends, or family members they can quickly consult. Many older adults live alone or have social networks that don't include tech-comfortable people who can validate suspicious communications.
Their data is extensively documented. Decades of financial history, property records, healthcare relationships, and public records mean older adults have more data in broker databases — and more data available to attackers for personalizing phishing attempts.
They're the fastest-growing online population. Smartphone adoption among adults 65+ crossed 75% in 2025. More older adults are online than ever before, which means the attack surface is expanding rapidly.
Attackers targeting older adults use specific techniques calibrated for this demographic:
Government agencies are among the most impersonated senders. Social Security Administration emails claiming your benefits are suspended. Medicare communications requiring immediate verification. IRS emails about outstanding tax liability.
The approach exploits the tendency to comply with institutional authority — an instinct that's entirely appropriate in genuine interactions but creates vulnerability when the institution is being impersonated.
Important: The IRS, SSA, and Medicare do not initiate contact through email or phone. They communicate by postal mail. Any email claiming to be from these agencies requesting personal information or payment is a scam. Full stop.
These are the most financially damaging. Fake security alerts. Account suspension notices. Fraud verification requests. The emails are visually convincing — logos, color schemes, and formatting copied from the real institution's communications.
What makes them particularly effective against seniors: genuine banks do send security alerts. The instinct to respond to bank security concerns is correct. Attackers exploit this correct instinct with fake alerts.
The rule: Never click a link in a security alert email. Always go to the bank's website by typing the address directly into your browser, or call the phone number on your bank card.
These often arrive by email but are designed to get you to call a phone number. The email claims your computer has been infected, your antivirus has expired, or your account has been compromised. Calling the number connects you to a fraudster who will attempt to gain remote access to your computer — and from there, to your financial accounts.
Longer-term fraud schemes often begin with email contact that gradually builds a personal relationship before introducing financial requests. These affect all age groups but seniors are disproportionately targeted.
An email (or often a call, but sometimes initiated by email) claims that your grandchild is in trouble — arrested, in an accident, hospitalized — and needs immediate financial assistance. The urgency and emotion of the appeal short-circuits critical thinking.
This section is written specifically to be shared with or read by older adults who are newer to understanding how email scams work.
Your email address is valuable. Companies collect it when you sign up for things. They sometimes sell it to other companies. Criminals buy these lists and use them to send fake emails designed to look real.
A real email address is not proof of a real sender. Criminals can make emails look like they come from your bank, your doctor, or the government — even though they don't. The name and logo can be copied. Even the email address shown can be faked in some cases.
The safest rule for any email asking you to do something: Don't click any links and don't call any phone numbers in the email. Instead, look up the organization directly using a phone book, a trusted website you've bookmarked, or by calling a number you already have on a bill or card.
If an email creates urgency or fear: Slow down. Legitimate organizations give you time to respond. Urgency and threats ("your account will be closed in 24 hours") are manipulation tactics. When you feel rushed, that's the signal to slow down — not speed up.
Here's a step-by-step system that's simple enough to implement and genuinely effective:
Address 1 — Your Real, Private Email: Use this only for people you know personally (family, friends, doctor, actual bank). Never share this email publicly. Never use it to sign up for websites. This address stays nearly spam-free because almost no organizations have it.
Address 2 — A Sign-Up Email: Use this email for any website that asks for an email address. Because it's separate from your personal email, even if it receives spam and scam attempts, your private email remains clean and safe.
For even better protection, use a temporary email from TempMailMaster.io for one-time sign-ups where you just need to receive a confirmation. This email exists for a short time and then disappears — meaning spammers and scammers can never find you through it.
When an email arrives asking you to do something — click a link, call a number, provide information — before doing anything, check:
Does the email address look right? Your bank is @yourbank.com, not @yourbank-security-alert.com or @bankofamerica-secure.net. The part after the @ should be exactly the official website address.
Did you expect this email? If your bank is contacting you out of nowhere about a security issue you didn't know about, be suspicious.
Is it creating urgency or fear? These are manipulation tactics. Real organizations don't threaten to close your account in hours.
If you're unsure, verify through a channel you trust — not the one in the suspicious email:
This one step — verification through a trusted channel — stops nearly all email scams.
If an email claims to be from any of these organizations and asks for any of this information, it is a scam.
If you're reading this to help an older parent, grandparent, or neighbor:
Have a calm conversation, not a lecture. Shame and condescension make people less likely to reach out for help in the future. The goal is to have someone they'll call when they're unsure — not someone who makes them feel foolish.
Establish a "check with me first" agreement. For any email requesting money, personal information, or urgent action, the understanding is: call or text before responding. Most phone calls last less than two minutes and can prevent significant financial loss.
Help them set up the two-email system described above. This is a concrete, actionable step you can do together in an afternoon.
Bookmark trustworthy websites on their browser. Their actual bank's website. Medicare.gov. SSA.gov. Having the right URL bookmarked reduces the risk of landing on convincing fakes.
My parent already has one email address for everything — is it too late to set up the two-address system? Not at all. The new sign-up address goes to new websites going forward. The old address continues being used for existing relationships. Over time, you can migrate important contacts to the private address if desired. The improvement begins immediately with any new sign-up.
What should I do if my parent has already responded to a suspicious email? Don't make them feel bad — just act quickly. If financial information was shared: contact the bank immediately, report potential fraud, and ask about fraud protection options. If passwords were shared: change those passwords on every account using them. If a scammer has remote access to the computer: disconnect from the internet and contact a tech-support professional (someone you know, not one from an email).
Are phone scams more dangerous than email scams for seniors? Both are significant threats. Phone scams are often harder to evaluate in real-time (less time to think, more social pressure). Email scams are easier to examine carefully if you know what to look for. The skills for evaluating suspicious communications — slowing down, verifying through trusted channels — apply to both.
How do I explain "temp email" to an older adult who isn't tech-savvy? Think of it as a temporary mailbox. When a store asks for your address to send a receipt, you could give them a PO box instead of your home address. The receipt arrives at the PO box, you pick it up, and the store never knows where you actually live. A temp email from TempMailMaster.io works the same way — websites send their verification emails there, but they never get your real email address.
Published: June 2026 | Author: Arslan | Category: Senior Safety & Email Privacy