The FBI has just released its annual Internet Crime Report (IC3) which details what the most prevalent cyber scams are, and what group is most likely to be targeted.
And no surprise, the most frequently targeted group is, of course, seniors.
The Numbers
According to the report, in 2024 there were 859,532 complaints about cyber scams. Of these complaints, 256,256 had actual losses, amounting to $16.6 billion dollars in losses. This is an increase of 33% over 2024.
The average loss was $19,372.
As far as age groups go, People under 20 had 17,993 complaints, and $22.5 million dollars in losses. The other age groups are:
20 – 29: 71,399 in losses, $540.1 million in losses
30 – 39: 108,899 / $1.4 billion
40 – 49: 112,755 / $2.2 billion
50 – 59: 84,540 / $2.5 billion
60+: 147,127 / $4.8 billion
So you can see that we seniors are the group that have lost the most. And why we need to be the most vigilant.
What Types Of Cyber Scams Are The Most Used?
Let’s look at the most cyber scams committed against seniors in 2024. I’ll focus on the ones that we have the most control over. These are in no particular order.
Also understand that a cyber scam could fall into multiple categories. For example a phishing scam can also be categorized as credit card fraud.
Phishing/Spoofing
$20,202,521 lost by seniors.
Of the 147,127 complaints made by seniors, 23,252 were phishing and spoofing scams. These cyber scams involve an email, phone call, or text message pretending to be something they’re not. Phone numbers can be easily faked, but email addresses are not as easy to spoof.
There’s really no way to tell if a phone number is fake. That text could look like it’s from your bank when it’s not.
Email addresses can’t easily be faked. Sure, it might look like your bank, but if you drill down into the actual address, you’ll see something that sometimes is similar to what they’re pretending to be, but other times it’s so far different from the real address it’s laughable.
The best practice is to never trust any text, phone call, or email from any sensitive institution that’s asking you to call a number or go to a website. If you think the message is real, look up the number or website address yourself.
And always understand that no one from a legitimate institution will ever ask you for a password or PIN to identify yourself. They don’t know those secrets, so they would not be able to verify what you gave them is correct.
Tech Support
$982,440,006 lost
16,777 complaints about tech support were made by seniors. This cyber scam usually starts with a popup on a computer or phone telling the victim that their device has been compromised somehow. Usually a bright red warning that you have a virus.
Most of the time, this happens because you went to a website that has been compromised, or maybe you accidentally mistyped the address. You see, criminals will set up websites with similar names to popular sites. Maybe “amazun.com”, or “emay.com”, hoping that someone will mistype an address and wind up there.
The popup will direct you to call a number, then the tech support person will prompt you to download and install an app that will let them into your computer to “fix” the problem. Once they’re in they will show you some scary looking log that makes it look like you have major problems.
From there, many things can happen. They might convince the victim to give them a credit card to fix their (non existent) problem, or maybe they will install real malware on the machine such as a key logger or ransomware. Or they could do both.
The thing to do if someone gets that big red popup is ignore it. You’re not infected. The virus protection software on both Windows and Apple machines don’t act like that.
Romance Scam
7,626 complaints / $390 million dollars lost
This is the cyber scam I get the most, usually 7-8 a week, although the past couple of weeks I haven’t received many. Do cyber criminals take spring break?
This one usually begins with either a “wrong number” text message where the victim gets a text something like “are you going to the meeting today?”, Or “are we still meeting for lunch?” When the intended victim responds that they have a wrong number, the scammer, pretending to be a woman, apologizes and then proceeds to tell the victim that “she” would still like to be friends.
Sometimes the text message says “I found this number in my contacts, do I know you?” then proceeds with the same “can we be friends?” spiel.
Of course I always lie about marital status, workplace, etc.
The conversation with this scammer can sometimes go on for days or weeks until one day “she” needs money for something. Or “she” has just found a great investment opportunity and “she” would like to let the victim in on it.
Notice how “she” wanted me to switch to Telegram instead of “Talktone” (Talkatone).
Talkatone is a VoIP (Voice over internet protocol) app for making calls and texts with a virtual phone number. The scammer gave themselves away by revealing that they were using it instead of a normal number.
Scammers will use messaging apps like telegram or WhatsApp because people can buy Bitcoin or other crypto currency in those apps. Also see that when I refused to move to Telegram, “she” stopped chatting.
As I said, I get these constantly.
Just report these texts as spam and block the number. That won’t help much as the number is spoofed, but maybe if you do that enough they’ll get the message. Although that hasn’t worked for me yet.
Extortion / Grandparent Scam
$24,901,693 lost by seniors
A common theme for this cyber scam is a child or grandchild in trouble and they need money. This one has more than doubled from 2023 to 2024 because criminals can now use AI to impersonate the voice of the person in trouble.
12,618 complaints in 2024 compared to 5,396 in 2023.
This cyber scam works because one of the things criminals depend on is to instill urgency to their victims. The child has been arrested and needs money now. The grandchild has been kidnapped and is in danger of harm if the victim doesn’t come up with the cash. Here’s an example of someone who was the target of one of these scams.
If you get one of these, just try to contact the person who is in trouble. 99.999% of the time you’ll find that they are OK.
Delivery Scams
$76,794,753 lost
7,646 instances of this type of cyber scam reported. The victim receives a message via text or email saying something like:
“We tried to deliver your package, but no one was home”, “Your package is waiting for you, confirm delivery details”, or “Delivery failed. Please reschedule.”
I’m guessing that if you sent an email to that address they would send you a link to reschedule or track the delivery but actually leads to a fake website designed to look like a real courier company. If you click the link they ask for personal information: like your address, phone number, or even credit card details (claiming there’s a small “redelivery fee”).
Sometimes it contains a .pdf file that, when opened, can infect your computer.
If you’re expecting a package, contact the company who is shipping it, if not, this message goes into file 13.
Overpayment
This one usually comes in an email with an attached invoice informing the victim that their credit card, bank, or PayPal account has been charged, and thank you for your business.
Seniors lost $5.9 million dollars to this cyber scam in 2024.
The victim calls the number in the message to complain that they didn’t purchase anything. The “Customer Service” representative says no problem, they will get you your refund asap. They will need the person to install an app (similar to the phishing scam above) so they can facilitate the refund. They can then get you to log into your bank, except the website you’re logging into is fake. They now have your user name and password to your bank and can drain your real account dry.
Even if you have 2FA (2-factor authentication) set up, they have a way to get into your account. See this article on how criminals can bypass 2FA.
That being said, 2FA is still a good way to protect your accounts. If you don’t have it set up, do that now. If you don’t know what 2FA is, read about it here.
If you’re really concerned that one of your accounts has been charged incorrectly, ignore the link in the message. Simply check your account. If you don’t see a transaction, send the email to spam.
Other Cyber Scams
There are many other categories of cyber scam, and many scams can fall into multiple categories. For example, the romance scam can also be an investment scam.
And the overpayment and missed delivery scams can also both be considered credit card fraud.
See the FBI’s report for more details.
Cryptocurrency
I didn’t attempt to touch crypto scams, that’s an article on its own. I’ll work on that one at a later date.
Conclusion
Seniors are the most targeted group for cyber scams, resulting in substantial financial losses. It is crucial to be alert and educated about the common tactics used by cybercriminals to protect yourself.
