How Can Older Adults Protect Themselves From a Cyber Attack?

Daughter educating her older father about cyber security

With technology quickly advancing, it can be hard for anyone – at any age – to keep up. Unfortunately, for many older Canadians, that can make them a potential target for cyber attacks.

ZoomerMedia Ltd.’s CTO, Yaniv Or, based in Toronto, which owns several entities including Zoomer magazine that primarily caters to Canadian retirees, suggests that the elderly may be more vulnerable to the global increase in cybercrime due to several factors: greater net worth; a larger technology proficiency gap compared to younger generations; and the difficulty in establishing significant social relationships as they age.

According to Jeff Horncastle, acting client and communications outreach officer for the Canadian Anti-Fraud Centre (CAFC), cyber-enabled fraud accounted for roughly 70 per cent of overall losses reported to the CAFC in 2022. In the first six months of 2023, seniors (age 60+) lost $96.8 million to fraud overall (from all solicitation methods), which accounts for 34 per cent of overall loss ($283.4 million).

“For the most part this is well-orchestrated, sophisticated, organized crime operations behind this,” Horncastle says.

Fraudsters can take personal and financial information to access personal bank accounts, credit cards or sensitive data, to apply for government benefits, take over social media or personal accounts.

What Are The Cyber Threats Everyone Should Know?

These are some of the most common:


One of the most common tactics for cyber criminals is phishing, or impersonating legitimate institutions to trick people into sharing sensitive information like passwords, social insurance numbers or credit card information. They’ll try to get people to click a link embedded in a phishing email where they’re asked to provide personal information, or to open attachments and deposit malware on their devices.

 “Spear phishing” occurs when fraudsters research their victims, craft personalized messages and address recipients directly. “Smishing” attacks occur when cyber criminals use text messages to send malicious messages.


There are several different kinds of malicious software, or malware, such as viruses, trojans, worms and ransomware. These are designed to attack and disable computer systems or gain unauthorized access. Malware can come in via email attachments, websites that have been compromised, malicious apps or infected software.

Social Media Scams

Social media is a place where users create and share content, as well as take part in networking. Unfortunately, direct messages via social media platforms like Facebook or Instagram are another way to get you to hit a link or download a malicious file.

Fraudsters create fake accounts, social media bots, compromise existing accounts or create fraudulent advertisements to scam social media users.

Frauds can also be initiated through dating websites. “With loneliness and reduced social connections, seniors are more open to this type of scam,” Or says.

Identity Theft

Older adults can be more lucrative targets to identity theft because they have had a longer time to accumulate personal and financial information. Whenever you use social media, financial services, cloud services, web browsers, online subscriptions, and online databases your data or personal information is being collected.

Tips to protect your information online

Understanding cybersecurity threats is the first step for adults over the age of 60 to protect their money and identity. Here are a few tips to protect yourself, according to CAFC:

  • Ignore and delete unsolicited emails (as well as phone calls or mail) asking for personal or financial information.
  • Deny requests for your Social Insurance Number, since your SIN is key to your identity and an important tool for scammers.
  • Never open an attachment in suspicious messages or from unknown senders and do not click links in any emails or texts that look suspicious.

“Never click on any links anyone sends you which you did not expect, even if it seems to come from a friend,” Or says.

  • Don’t share everything through email and social networking sites.
  • Reject automatic login features that save your username and password. Make sure you re-enter your login credentials each time.
  • Create strong and unique passwords for every online account, including emails, social networks, financial and other accounts.
  • Set up multi-factor authentication (MFA), such as getting a verification code sent to a trusted device wherever possible.
  • Delete apps you don’t use on your phone.
  • Change the default name and password on your Wi-Fi network to avoid data breaches
  • Make sure all online shopping transactions are done on secure Wi-Fi networks and on trusted websites.
  • Purchase reputable anti-virus software from a trusted source for all your devices.
  • Check your credit report with the credit bureau at least once a year, via Equifax Canada and TransUnion Canada.

The Canadian Bankers Association also has some good information on how to protect yourself and your bank accounts from frauds and scams.

“Scammers tend to try and push people to make a decision under pressure, and this impairs our judgment,” Or says. “We all need to remember that no ‘official’ entity [government or private] will ever threaten us, give us a tight deadline or ask for our personal details when they call us.”

In the end, if you’re uncertain if you’ve been a victim, don’t be ashamed to share your concerns or ask for advice. “Even the best experts in the world will not always be able to know what a scam is and what is not,” Or says.

Anyone who suspects they have been a victim of an online scam or fraud should report it to the police, go to the CAFC’s online reporting system or call 1-888-495-8501.

Disclaimer: This information and the websites referenced are provided for your convenience only and should not be construed as providing legal or insurance advice. Allstate does not control or guarantee the accuracy of any content on any third-party site.  Allstate is not responsible for the privacy practices of any third-party site.