How Elder Fraud Reveals Gaps in Human-Centric Security TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityOWASP Highlights Supply Chain Risks in New Top 10 ListOWASP Highlights Supply Chain Risks in New Top 10 ListbyJai Vijayan, Contributing WriterNov 10, 20255 Min ReadCyberattacks & Data BreachesGlassWorm Returns, Slices Back into VS Code ExtensionsGlassWorm Returns, Slices Back into VS Code ExtensionsbyAlexander CulafiNov 10, 20253 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllThreat IntelligenceSilver Fox APT Blurs the Line Between Espionage & CybercrimeSilver Fox APT Blurs the Line Between Espionage & CybercrimebyNate Nelson, Contributing WriterAug 8, 20253 Min ReadThreat IntelligenceIran-Israel War Triggers a Maelstrom in CyberspaceIran-Israel War Triggers a Maelstrom in CyberspacebyNate Nelson, Contributing WriterJun 19, 20255 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyber RiskData PrivacyCyberattacks & Data BreachesCybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered CybersecurityCybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipulate senior citizens—and drain billions from their savings.Joan Goodchild, Contributing Writer, Dark ReadingNovember 11, 20255 Min ReadSource: Milan Ilic via AlamyA retiree answers the phone one afternoon and hears what sounds unmistakably like her grandson's voice. He says he's been in an accident and needs money right away. The caller knows her name, her town, and details about the family. Panicked, she sends the funds — only later learning that the voice was generated by artificial intelligence and the personal information came from publicly available data online.Such scenarios have become increasingly common. According to the Federal Bureau of Investigation's 2024 Internet Crime Report, Americans over the age of 60 lost nearly $4.9 billion to cybercrime last year, a 43% increase from 2023. And recent analysis by privacy firm Incogni found that in 72% of these elder fraud cases, attackers relied on personal data available online — addresses, relatives' names, phone numbers, even job history — to tailor their scams."Fraudsters don't need to hack anyone when the Internet hands them a dossier," says Chris Olson, founder and CEO of digital safety company Proxyware. "They can sound authentic, look authentic, and automate the next attack within minutes."Olson notes that the same digital profiling systems built to personalize ads and recommend content now give cybercriminals the same precision marketers enjoy. By exploiting the vast data trails people leave online, attackers can craft scams that feel personal, timely, and credible—especially for older adults whose information is widely available through data brokers and "people search" sites. "The same behavioral profiling that serves ads also guides criminals," he says. Related:Zombie Projects Rise Again to Undermine SecurityAccording to Incogni's analysis of FBI data, investment scams topped the losses in 2024—more than $1.8 billion in total, averaging nearly $194,000 per complaint—but phishing and spoofing grew fastest, surging 700% year over year. In Texas, Georgia, and California—the states with the highest losses per victim—seniors lost an average of more than $46,000 per incident. Experts say the real toll is likely higher, since many victims never report crimes out of fear or shame.AI Supercharges the Elder Fraud ConThe generative-AI boom has made impersonation scams almost frictionless. Voices cloned from a few seconds of audio can now plead for help in a loved one's tone. Photos and social-media snippets feed large language models that compose believable messages in seconds. Olson says the underlying problem is the surveillance economy itself. When an algorithm knows you're a 75-year-old widow who likes gardening, it's easy to craft a lure that feels personal.Related:The Best End User Security Awareness Programs Aren't About Awareness AnymoreTo understand the pervasiveness of these lures, Proxyware conducted a pilot program in nine senior communities in Virginia last year. By deploying decoy "personas" that mimicked the residents' typical online activities, the system recorded nearly 16 million attack attempts over a 12-month period. When the decoy identity appeared to be a senior citizen, roughly 1.5% of all webpages rendered included some form of scam or malicious code—double the baseline for other personas."It's like shooting fish in a barrel," Olson said. "The moment the Internet recognizes a user as an older adult, the attack rate spikes."The pilot was conducted in collaboration with LeadingAge Virginia, a nonprofit organization representing aging services providers across the state. Its president and CEO, Melissa Andrews, says digital safety has become inseparable from overall well-being."Residents depend on technology for everything—from connecting with family to managing health records and finances," says Andrews. "But that same reliance opens doors for exploitation. We see phishing, fake tech-support calls, romance scams, and even AI-generated impersonations. Some residents are embarrassed to report what happened, which only increases the damage."Related:Despite More CVEs, Cyber Insurers Aren't Altering PoliciesEducation Isn't Enough; Policy is Needed LeadingAge's members now incorporate cyber awareness into their wellness programming, offering regular workshops, open discussions with families, and “gentle vigilance" that encourages seniors to ask for help without fear of stigma. Still, Andrews admits education alone can't keep up with automated deception. "Even our most tech-savvy staff sometimes struggle to tell what's real," she says.That mirrors a broader problem in cybersecurity, Olson argued. "Traditional defenses protect machines and networks. They don't protect people," he says. "The industry's blind spot is social engineering—the human layer where most modern fraud begins."Lawmakers are starting to pay attention. A bipartisan Financial Exploitation Prevention Act would grant financial institutions greater authority to delay suspicious transactions and require the Securities and Exchange Commission to study ways to curb financial exploitation targeting the elderly. The bill, introduced in the U.S. House of Representatives in March, remains in the Committee on Financial Services, and there is no indication of when it will be considered. The bill was introduced after years of escalating losses. A recent AARP study estimated that older Americans lose $28.3 billion annually to financial exploitation—most often at the hands of someone they know. However, according to Olson, that balance has shifted significantly: five years ago, roughly 80% of elder fraud began with caregivers or family members; today, he says, about 80% originates online.What Security Practitioners Can LearnFor security professionals, experts say, the elder-fraud epidemic exposes the limits of conventional perimeter defense. Every deepfake plea or personalized phishing lure is also a proof of concept for corporate compromise. "Employees of corporations are targeted just like grandmothers," Olson says. He notes that the same digital-targeting ecosystem used to deceive individuals can also breach enterprises when it triggers the right emotional response.Jonelle Gardiner, a certified fraud examiner who works with financial institutions, says she has begun teaching her own parents to pause before reacting to urgent digital requests. "Scammers rely on panic and emergency situations, because even the best of us can be flustered hearing our child has been arrested or kidnapped," she says. "All logic is lost. In short, pause and think — those short five seconds can be the difference between keeping or losing access to your pension."Protecting seniors—and everyone else—will require a combination of stronger privacy regulations, improved consumer education, and industry-wide cooperation to dismantle criminal infrastructure more effectively."We have to look at this as protecting people," Olson said. "It's not just about fixing the Internet—it's about preventing harm before it happens."About the AuthorJoan GoodchildContributing Writer, Dark ReadingJoan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.See more from Joan GoodchildMore InsightsIndustry Reports2025 DigiCert DDoS Biannual ReportDigiCert RADAR - Risk Analysis, Detection & Attack ReconnaissanceThe Total Economic Impact of DigiCert ONEIDC MarketScape: Worldwide Exposure Management 2025 Vendor AssessmentThe Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025Access More ResearchWebinarsHow AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMore WebinarsYou May Also LikeFEATUREDCheck out the Black Hat USA Conference Guide for more coverage and intel from — and about — the show.Edge PicksApplication SecurityAI Agents in Browsers Light on Cybersecurity, Bypass ControlsAI Agents in Browsers Light on Cybersecurity, Bypass ControlsLatest Articles in The EdgeWhat Makes Ransomware Groups Successful?Nov 4, 2025|5 Min ReadZombie Projects Rise Again to Undermine SecurityOct 30, 2025|7 Min ReadFrom Power Users to Protective Stewards: How to Tune Security Training for Specialized EmployeesOct 29, 2025|7 Min ReadInside the Data on Insider Threats: What 1,000 Real Cases Reveal About Hidden RiskOct 28, 2025|4 Min ReadRead More The EdgeDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

Elder fraud represents a significant and evolving challenge in cybersecurity, exposing critical gaps in human-centric security approaches. The rise in sophisticated social engineering attacks, particularly those leveraging artificial intelligence, is disproportionately targeting senior citizens – and this trend is accelerating. As detailed by Joan Goodchild in a Dark Reading article published in November 2025, the problem isn’t simply a lack of technical awareness among older adults; it’s a systemic vulnerability created by the massive amounts of personal data now readily available online and the ability of criminals to exploit this information with increasingly convincing tactics.

The core of the issue lies in the “surveillance economy,” where detailed profiles are built about individuals based on their online activity. Cybercriminals utilize this information – drawn from data brokers, “people search” sites, and social media – to craft highly personalized and emotionally resonant scams. These aren't brute-force attacks; they are meticulously designed to mimic genuine relationships and exploit the inherent trust that seniors often harbor. The article highlights the dramatic increase in elder fraud losses – nearly $4.9 billion in 2024 in the US alone, a 43% jump from 2023 – driven by attacks that emphasize urgency and distress.

A key element revealed is the speed and automation of these attacks, fueled by generative AI. AI-powered voice cloning allows attackers to flawlessly imitate the voices of loved ones, amplifying the potential for deception. Combined with large language models that generate believable messages in seconds, the barrier to entry for sophisticated scams has been drastically lowered, as demonstrated by Proxyware's pilot program in Virginia, where decoy personas generated nearly 16 million attack attempts over a 12-month period, with roughly 1.5% of rendered webpages including scam code. The alarming rate of 1.5% demonstrates how easily a criminal can capitalize on a vulnerable segment of the population.

The article underscores that traditional perimeter defenses – firewalls and intrusion detection systems – are insufficient against this type of threat. Security measures need to shift their focus from simply protecting machines to protecting people and their behavior. Jonelle Gardiner, a certified fraud examiner, emphasizes that individuals must be educated on the importance of pausing and thinking before reacting to urgent digital requests, acknowledging that attackers exploit panic and emergency situations.

The broader trends highlighted include the escalating use of investment scams (over $1.8 billion lost in 2024) and the rapid growth of phishing and spoofing attacks – a staggering 700% year-over-year increase – largely fueled by the ease with which criminals can impersonate trusted sources. Notably, the attacks are concentrated in states like Texas, Georgia, and California, where senior populations are more prevalent and where the loss per victim is highest.

Responses to address this challenge are beginning to emerge. The bipartisan Financial Exploitation Prevention Act, introduced in the U.S. House of Representatives in March 2025, seeks to grant financial institutions greater authority to delay suspicious transactions and to require the Securities and Exchange Commission to study ways to curb exploitation targeting the elderly. However, the bill remains stalled in committee. Additionally, organizations like LeadingAge Virginia are integrating cyber awareness into their wellness programs, offering workshops and encouraging "gentle vigilance" among residents.

Ultimately, the elder fraud crisis underscores a critical lesson: security is not just about technology, but about human behavior. As Chris Olson, founder and CEO of Proxyware, argues, protecting people means addressing the surveillance economy itself. Preventing harm requires a multi-faceted approach, encompassing stronger privacy regulations, improved consumer education, and industry-wide cooperation to dismantle criminal infrastructure more effectively. The article’s data, combined with insights from experts like Gardiner and Andrews, clearly indicates a need for a fundamentally human-centric approach to cybersecurity where vulnerabilities in human psychology are acknowledged and actively mitigated.