Online Safety for Seniors: Targeted Threats and Resources

Adults aged 65 and older represent one of the most frequently targeted demographics in online fraud, identity theft, and scam operations, accounting for losses exceeding $3.4 billion in 2023 (FBI Internet Crime Complaint Center, IC3 Elder Fraud Report 2023). This page maps the threat landscape specific to older adults, describes the mechanisms through which exploitation occurs, and outlines the professional and regulatory resources available across the national service sector. The Online Safety Listings catalog connects researchers and service seekers to vetted organizations operating in this space.

Definition and scope

Online safety for seniors refers to the structured set of protective practices, service categories, regulatory frameworks, and intervention resources that address cybersecurity threats directed at adults aged 60 and above. The Federal Trade Commission (FTC) and the FBI's Internet Crime Complaint Center (IC3) both designate elder fraud as a distinct enforcement and reporting category, reflecting the scale and specificity of threats faced by this demographic.

The scope encompasses four primary threat domains:

1. Financial fraud — unauthorized access to bank accounts, investment scams, and wire transfer deception
2. Identity theft — credential harvesting through phishing, fake login portals, and data broker exploitation
3. Technical support scams — impersonation of legitimate technology companies to gain remote device access
4. Social engineering — romance scams, grandparent scams, and impersonation of government agencies

The Adult Protective Services (APS) network, administered at the state level under the Elder Justice Act (42 U.S.C. § 1397j), provides the primary human services response layer when online exploitation crosses into financial abuse or neglect. The FTC's reporting mechanism at ReportFraud.ftc.gov and the FBI's IC3 portal serve as the federal intake infrastructure for criminal referrals.

How it works

Exploitation of older adults online follows identifiable operational patterns that differ from general-population cybercrime in key structural ways. Threat actors targeting seniors frequently rely on trust-based deception rather than purely technical intrusion, because most successful elder fraud incidents involve the victim authorizing transactions or access rather than suffering unauthorized system compromise.

The exploitation sequence typically proceeds through these discrete phases:

1. Target identification — Scammers harvest contact information from data brokers, obituary listings, voter rolls, or social media profiles. Adults who have recently experienced bereavement or retirement transitions are disproportionately targeted.
2. Trust establishment — Initial contact is made through phone, email, or social media. Impersonation of Social Security Administration (SSA) representatives, Medicare officials, or tech company agents is documented in IC3 complaint data as the most common contact pretext.
3. Urgency induction — False threat narratives — suspended benefits, compromised devices, arrested grandchildren — create time pressure designed to bypass deliberative decision-making.
4. Payment extraction or access grant — Victims are directed to purchase gift cards, authorize wire transfers, or install remote access software such as AnyDesk or TeamViewer. Gift card payments were the leading payment method in reported elder fraud losses per the FTC Consumer Sentinel Network Data Book 2023.
5. Secondary exploitation — Established access or personal data is leveraged for additional fraud cycles or sold on criminal marketplaces.

Technical protection mechanisms — multi-factor authentication, email filtering, and device management tools — address phases 2 and 5. Behavioral and educational interventions operate at phases 3 and 4. The Online Safety Directory Purpose and Scope page describes how service categories within this directory are classified against this threat architecture.

Common scenarios

Three scenarios account for the largest share of reported elder fraud complaints filed with the IC3 and FTC:

Government impersonation scams involve callers or emailers claiming to represent the SSA, IRS, or Medicare. Victims are told their Social Security number has been suspended or linked to criminal activity. The SSA Office of Inspector General (SSA OIG) maintains a dedicated reporting portal for these impersonation cases and has documented consistent annual increases in complaint volume since 2018.

Tech support scams generate a deceptive alert — frequently a pop-up browser message or cold call — warning of device infection. The scammer directs the victim to grant remote access, after which banking credentials or direct payments are extracted. The IC3 reported that adults over 60 filed 17,696 tech support scam complaints in 2023, representing losses of over $590 million (IC3 Elder Fraud Report 2023).

Romance and confidence fraud operates over extended periods — weeks to months — through dating platforms or social media. This category consistently produces the highest per-victim losses in the elder fraud segment, with median individual losses exceeding $10,000 per the FTC's Consumer Sentinel data.

The contrast between technical-access scams (tech support, account takeover) and confidence scams (romance, grandparent) is operationally significant for service providers: technical scams require device forensics and credential remediation, while confidence scams require financial institution intervention and trauma-informed support services.

Decision boundaries

Determining which service category or regulatory pathway applies to a given elder fraud situation depends on the nature of harm and the stage of exploitation:

• Active financial loss in progress — Contact the financial institution's fraud department immediately, followed by the FBI IC3 at ic3.gov and the FTC at ReportFraud.ftc.gov.
• Identity compromise without confirmed financial loss — File with the FTC's IdentityTheft.gov portal, which generates a personalized recovery plan under the FTC's authority at 15 U.S.C. § 45.
• Device access granted to unknown party — Requires disconnection from network, device assessment, and password rotation across all linked accounts. This falls within the service scope of cybersecurity remediation providers listed in the Online Safety Listings.
• Suspected financial exploitation by a caregiver or family member — Routed through state Adult Protective Services, not federal law enforcement intake, under the Elder Justice Act framework.
• Preventive education or community outreach — Addressed by AARP's Fraud Watch Network, the National Council on Aging (NCOA), and state-level Area Agencies on Aging operating under the Older Americans Act (42 U.S.C. § 3001).

The How to Use This Online Safety Resource page provides navigational guidance for identifying the appropriate service tier when multiple pathways appear applicable.

References

• FBI Internet Crime Complaint Center (IC3) — Elder Fraud Report 2023
• Federal Trade Commission (FTC) — Consumer Sentinel Network Data Book 2023
• Federal Trade Commission — ReportFraud.ftc.gov
• Federal Trade Commission — IdentityTheft.gov
• Social Security Administration Office of Inspector General (SSA OIG)
• FBI Internet Crime Complaint Center (IC3)
• Elder Justice Act — 42 U.S.C. § 1397j (Congress.gov)
• Older Americans Act — Administration for Community Living (ACL)
• National Council on Aging (NCOA)
• AARP Fraud Watch Network