Grannyware: Attacking the most vulnerable digital population
by Mars Cacacho, Senior Security Engineer
15 September 2021
Once upon a time when the internet was still in its infancy, school children were the target audience for programmes aiming protect the most vulnerable people online. However, times have changed and nowadays, young people are tech savvy, digital natives who just need to be trained in “netiquette” and how to deal with cyber-bullying. This isn’t the case for the other large vulnerable population in society: the elderly.
New kid on the block
It’s not controversial to say that much of our senior population has not fully grasped or adapted to the pace of rapidly advancing technology. Many of our grandparents have been lost in transition during the paradigm shift to the digital age. This opportunity is obvious in fraudsters’ prying eyes, who love to follow the money.
Millions of Britain’s elderly fall prey to a multitude of frauds annually. These senior citizen scams range from lottery, romance, sweepstakes, and false promises. In fact, according to Age UK – the largest charity for older people in the United Kingdom – almost five million older people (65+) believe they have been targeted by scammers. Given the stats, more than a million may have fallen victim to pension scams, investment scams, postal scams, doorstep scams, and telephone scams.
In addition, the fraud chain usually becomes unbreakable given that older victims may not fully comprehend what struck them or know how to report the scam. In addition, they are often embarrassed at having been scammed or may think they’ll lose their independence or control over their own finances if they tell someone, which leads many people to keep completely silent on the matter.
On another note, the “youngest” senior citizens happen to be baby boomers. These new retirees are more likely to be familiar with office productivity apps and perhaps were the first people in their respective families to own mobile phones. However, whilst they may be more equipped with tech fundamentals, they are still not adept at recognising social engineering, which has massively progressed in the last few years.
Gramsomware and party
Why wouldn’t cyber criminals zero in on our grannies? They tend to be polite, helpful, and potentially gullible. The elderly innocently fall for clickbait simply because they can be overly trusting. They also have deep pockets and broad resources earned from decades of hard work, which makes them viable and perfect victims for scammers.
Imagine being in your twilight years and having to conjure answers to secret questions to retrieve an account, but you also have dementia which is why you forgot your password in the first place. One would rather use the same credentials across accounts, save passwords in the browser, write plaintext passwords on sticky notes, or even save them in their phone. This makes an easy target for a trickster.
Since they’re often fond of browsing the net or exploring social media due to their ample free time, OAPs can encounter mimicked charitable websites or health related posts which could be injected with malvertisements that drop despicable malware. In times when pop up error messages appear, instead of looking at knowledge base articles and confidently doing the troubleshooting themselves, our grannies resort to calling for assistance. Cognisant to this, technical support scams have thrived.
You may have also heard stories of ransomware victims who were just surfing the net like any other day, but instantaneously got locked out with a ransom note to either pay or lose their files, leaving one poor granny no choice but succumb to extortion rather than lose her life’s treasured memories.
Crypo and the shifting digital landscape
With the rise of cryptocurrency’s popularity, senior citizens start to rally in unfamiliar grounds not because they want to invest wholeheartedly, but because they have the financial means to do so. Eventually, as Mark Twain once said and reiterated by Al Gore in An Inconvenient Truth, “What gets us into trouble is not what we do not know. It’s what we know for sure that just ain’t so.” This results in identity theft, and for some, providing sensitive banking information to unknown parties. As crypto operates on anonymity, there are threat actors lurking for opportunities to prey on senior citizens’ wealth.
It’s right to say that the threat landscape has shifted to big game hunting, but this doesn’t exclude our senior citizens from receiving mass spam/phishing campaigns via frantic emails.
Speaking of which, many of our executives, especially those handling emeritus posts, fall in this older age group, and whaling attempts are still as rampant as ordinary phishing. Lessons from recent breaches remind us that it just takes one vulnerable machine for an entire network to go down.
Should we discourage older people from using the internet?
We’ve previously operated on a preconceived notion that majority of the elderly are technophobes. However, times have changed, and they are now saturating the internet. Instead of making them cynical and apprehensive to use the latest technology, let’s help them be more informed about the dangers out there, how to spot them, and who to ask for help if they do become a victim. We need to make sure that our loved ones understand they have lifelines in the digital world.
As Grandparents’ Day is just around the corner, let’s remember that our senior citizens are still part of the cyber ecosystem, and fending off online threats is everyone’s business.