I’m sure you’ve all heard this story before, often from your parents or grandparents. The general theme is, “I’ve got nothing to hide. If someone wants to hack into my computer then let them do it.” Such an attitude can only come from people who do not understand what hackers can do with a person’s personal information. It is an attitude that is expanding with the increase in the number of elderly, as many elderly computer users seem to be somewhat naïve when it comes to cyber security. For this reason, the elderly are increasingly becoming targets for hackers. This vulnerability is augmented by the growth of the Internet of Things (IoT) which hackers can use to penetrate a network and gather information. Often, elderly computer users believe they understand the cyber landscape because they can do email and may even have a Facebook account. The idea that their smart TV may allow hackers access to their privacy has never even occurred to them. Any other linked devices in their homes likely have the same default password they were packed with. In short, the elderly may as well hang a neon sign outside their homes saying, “Cybercrime Victim Within”.
With this attitude in mind, Grandma Patsy Walsh decided to let some hackers try to hack into her computer and home. As most naïve users believe, she thought she didn’t have enough high tech stuff to offer the attackers a way into her life. She said she had no ‘things’ connected to the internet and about the most advanced action she did was set up a Facebook account. She also said she would never write about herself on Facebook, so it was unlikely that the hackers could learn much about her from that.
All this may have been true, but the first thing the hackers did was check out her FB page to do a little social engineering. They noticed she liked a particular site so they sent her a phishing email pretending to be someone from that site. The email asked her to fill out a form, which she did… with her email address and password. This took 10 minutes. They also learned that she used the same password for a number of sites. With this information alone, they could have stolen her identity, if that was their goal.
Next, they came to Grandma’s house to meet her. She welcomed them, as most grandmothers would, with sandwiches and iced tea. “They’re very polite”, she said of hackers Reed Loden and Michiel Prins. She later invited them to come over to Thanksgiving dinner.
While at her house, the hackers were able to take control of her garage door and TV. Her first reaction to this was that these hacks were not important. The hackers explained that if someone had access to her garage they could arrange to steal whatever was in there. If they had access to her TV, they could arrange to have an adult channel come on during a visit from the local minister. She admitted that such a situation “would be a little shocking to guests”.
Next, the hackers were able to retrieve both her and her daughter’s email password from the router. Once in Ms. Walsh’s email account, they were able to find an email that contained her social security number and others that gave them her insurance information. Had they wanted, they could have used this information to steal her identity, get a credit card, and buy things online. Ms. Walsh would one day be surprised to find that her bank account had been cleaned out. Grandma had been hacked.
But, interestingly, the hackers learned that they weren’t the first to find that Grandma was hackable. About 20 malware programs were found secretly doing their dirty work on her computer. They also found that her FB page had also been hacked before they had gotten there. What’s the big deal? A hacked FB page enables the hackers to send messages to all of her contacts. If your grandmother doesn’t think this is so important, ask her how she’d like all of her friends and family to get a message from her inviting them to view some porn site that she supposedly likes, or suggesting that they visit some site with extremist views that she does not at all subscribe to. That should sober her up.
There are other hacks or scams out there that target naïve, elderly, internet users. The so-called Grandparent Scam has been around for years. With a little social engineering, which almost always begins with mining a Facebook page, a hacker will determine whether the person has any grandchildren and, with luck, find their names in the contacts or, even more conveniently, in a folder designated as ‘Family”. Then comes the email to grandma. My car has broken down, I was robbed and lost all my money, I am sick and in the hospital, in short, the grandchild is in trouble and needs to have money wired to them immediately. The email is signed with the correct name and, if the attackers have learned that the grandchild is now vacationing in a certain place, may even mention that place to make the email seem even more authentic. To help out their endangered grandchild, grandma must wire money to a certain address.
There have always been conmen, but in the older, simpler times, they mostly had to lie to you face to face. Grandma was probably pretty good at picking out a conman from an honest man. That comes with life experience. With the internet, conmen take advantage of the elderly’s lack of cyber experience plus their natural desire to help someone in need, especially if it is a family member or a friend. Older people simply can’t believe that someone would be so evil as to pretend to be a sick family member to get their money. Unfortunately, in today’s world, the anonymity that comes with the internet allows people to behave in ways they would never consider in the physical world.
So with all of this in mind, probably the best gift you can give your older, cyber-naïve relatives would be a good basic lesson in how to recognize and deal with phishing emails. Nigerian princes probably really don’t need their help, their grandchild is probably not wasting away in an Uzbekistan prison, the handsome guy who likes their profile probably lives in Ghana and doesn’t care what they look like at all, as long as they have a bank account, and those celebrity photos or funny videos that their friends want them to see aren’t worth the risk of viewing. More importantly, don’t let them get away with the idea that they have nothing a hacker would be interested in. Tell them they may be endangering their friends and family with their irresponsible behavior and that might make them reconsider. If they say they have nothing to hide, tell them that after the hackers get through destroying their reputation, they probably will have.