Education: the Key to Protecting the Elderly from Scams

Apr 25, 2018 by

The hardest part of parents and grandparents adopting technology is their often blind trust in companies and their representatives. A cleverly worded email, text message, or phone call, and suddenly they are the victims of a ransomware attack they initiated by downloading an app or sharing their password.

These types of attacks are tough to prevent. Unfortunately, you can’t constantly monitor everyone, and making systems too secure makes it difficult for users to do their jobs. We know how hard encryption is to break, so the human factor is our point of vulnerability. Education about phishing scams is the key, but we must relay its importance in a way that will be accepted: with empathy and reassurance, yet with firm guidelines.

Email Scams

While it seems these should be simple to avoid, hackers continue to get more clever all the time. You can filter .vbs files to keep links from coming through in the first place, but often these emails will contain phone numbers or request an email response that will either lead to a download or trick the recipient into revealing their password or other personal information.

These emails are often masterfully created. The hackers buy domain names that are similar to those of large companies and create dummy email accounts that look legitimate.

While it should go without saying, individuals need to be educated on the fact that most legitimate companies will not ask for your password over the phone. Even when they are helping you reset it, they do not require that you share the password with them.

The second key to preventing this type of attack is the use of two-factor authentication. This asks the user for something they have and something they know before their password will grant them access. Unless the user also gives the hackers this code, attacks can be prevented.

Phone Calls

A more direct approach is a phone call. This will often send users into a panic, but they trust that the call is legitimate, especially if it comes to their cell phone. The scammers can find these numbers pretty easily though, and it opens a layer of trust that an email often does not.

If they can get the recipient to either download software or surrender personal information, they have an entry into whatever system they are trying to gain access to. Think of the Home Depot hack: the attack did not originate on Home Depot servers, but through a vendor who had access. If your company has a BYOD policy, simple access to one part of your user’s system could open a portal to your system as well.

The way to combat this is twofold. First, educate users that companies will, again, not request password information over the phone. Second, let them know that when asked to download apps, they should request to call the person back at their company phone number and extension. If the number does not match any of those on the company website, or the caller is unwilling to offer that option, the call is likely a scam.

Text Messages

This one is even tougher to combat. The reason is that companies often do legitimately communicate through text messages, even sending two-factor authentication codes and links.

While this access may not get them directly into a computer network, often users have their passwords and other information stored in contacts or notes on their phone. With this information, easily gained once the hacker has access to the phone, they can then use another device to gain access to a network.

In this case, the key is to encourage users of your network to not keep passwords on their phones unless they are secured by additional passwords. Discourage the use of notepad and contacts as a way to save login information, especially work information. Encourage encrypted password lockers instead.

Also discourage the use of personal phones for business, and vice versa. That way the risk of passwords in browsers is much lower. You can also restrict business phones with protective software, and make sure that the user knows to call IT before downloading any apps or following any instructions sent via a message of any kind.

You can do all you can to secure your systems and your network, but the human factor is the one thing you cannot control completely. The more secure we make things, the cleverer attackers get, and this makes our jobs even more challenging. Education is the key, along with some careful planning. As long as there are people on both sides of a secure network, there will be weaknesses. It is up to us to close them whenever possible.
