Cybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipulate senior citizens—and drain billions from their savings.
by Joan Goodchild
A retiree answers the phone one afternoon and hears what sounds unmistakably like her grandson's voice. He says he's been in an accident and needs money right away. The caller knows her name, her town, and details about the family. Panicked, she sends the funds — only later learning that the voice was generated by artificial intelligence and the personal information came from publicly available data online.
Such scenarios have become increasingly common. According to the Federal Bureau of Investigation's 2024 Internet Crime Report, Americans over the age of 60 lost nearly $4.9 billion to cybercrime last year, a 43% increase from 2023. And recent analysis by privacy firm Incogni found that in 72% of these elder fraud cases, attackers relied on personal data available online — addresses, relatives' names, phone numbers, even job history — to tailor their scams.
"Fraudsters don't need to hack anyone when the Internet hands them a dossier," says Chris Olson, founder and CEO of digital safety company Proxyware. "They can sound authentic, look authentic, and automate the next attack within minutes."
Olson notes that the same digital profiling systems built to personalize ads and recommend content now give cybercriminals the same precision marketers enjoy. By exploiting the vast data trails people leave online, attackers can craft scams that feel personal, timely, and credible—especially for older adults whose information is widely available through data brokers and "people search" sites. "The same behavioral profiling that serves ads also guides criminals," he says.
According to Incogni's analysis of FBI data, investment scams topped the losses in 2024—more than $1.8 billion in total, averaging nearly $194,000 per complaint—but phishing and spoofing grew fastest, surging 700% year over year. In Texas, Georgia, and California—the states with the highest losses per victim—seniors lost an average of more than $46,000 per incident. Experts say the real toll is likely higher, since many victims never report crimes out of fear or shame.
AI Supercharges the Elder Fraud Con
The generative-AI boom has made impersonation scams almost frictionless. Voices cloned from a few seconds of audio can now plead for help in a loved one's tone. Photos and social-media snippets feed large language models that compose believable messages in seconds.
Olson says the underlying problem is the surveillance economy itself. When an algorithm knows you're a 75-year-old widow who likes gardening, it's easy to craft a lure that feels personal.
To understand the pervasiveness of these lures, Proxyware conducted a pilot program in nine senior communities in Virginia last year. By deploying decoy "personas" that mimicked the residents' typical online activities, the system recorded nearly 16 million attack attempts over a 12-month period. When the decoy identity appeared to be a senior citizen, roughly 1.5% of all webpages rendered included some form of scam or malicious code—double the baseline for other personas.
"It's like shooting fish in a barrel," Olson said. "The moment the Internet recognizes a user as an older adult, the attack rate spikes."
The pilot was conducted in collaboration with LeadingAge Virginia, a nonprofit organization representing aging services providers across the state. Its president and CEO, Melissa Andrews, says digital safety has become inseparable from overall well-being.
"Residents depend on technology for everything—from connecting with family to managing health records and finances," says Andrews. "But that same reliance opens doors for exploitation. We see phishing, fake tech-support calls, romance scams, and even AI-generated impersonations. Some residents are embarrassed to report what happened, which only increases the damage."
Education Isn't Enough; Policy is Needed
LeadingAge's members now incorporate cyber awareness into their wellness programming, offering regular workshops, open discussions with families, and “gentle vigilance" that encourages seniors to ask for help without fear of stigma. Still, Andrews admits education alone can't keep up with automated deception.
"Even our most tech-savvy staff sometimes struggle to tell what's real," she says.
That mirrors a broader problem in cybersecurity, Olson argued.
"Traditional defenses protect machines and networks. They don't protect people," he says. "The industry's blind spot is social engineering—the human layer where most modern fraud begins."
Lawmakers are starting to pay attention. A bipartisan Financial Exploitation Prevention Act would grant financial institutions greater authority to delay suspicious transactions and require the Securities and Exchange Commission to study ways to curb financial exploitation targeting the elderly. The bill, introduced in the U.S. House of Representatives in March, remains in the Committee on Financial Services, and there is no indication of when it will be considered. The bill was introduced after years of escalating losses. A recent AARP study estimated that older Americans lose $28.3 billion annually to financial exploitation—most often at the hands of someone they know. However, according to Olson, that balance has shifted significantly: five years ago, roughly 80% of elder fraud began with caregivers or family members; today, he says, about 80% originates online.
What Security Practitioners Can Learn
For security professionals, experts say, the elder-fraud epidemic exposes the limits of conventional perimeter defense. Every deepfake plea or personalized phishing lure is also a proof of concept for corporate compromise.
"Employees of corporations are targeted just like grandmothers," Olson says. He notes that the same digital-targeting ecosystem used to deceive individuals can also breach enterprises when it triggers the right emotional response.
Jonelle Gardiner, a certified fraud examiner who works with financial institutions, says she has begun teaching her own parents to pause before reacting to urgent digital requests.
"Scammers rely on panic and emergency situations, because even the best of us can be flustered hearing our child has been arrested or kidnapped," she says. "All logic is lost. In short, pause and think — those short five seconds can be the difference between keeping or losing access to your pension."
Protecting seniors—and everyone else—will require a combination of stronger privacy regulations, improved consumer education, and industry-wide cooperation to dismantle criminal infrastructure more effectively.
"We have to look at this as protecting people," Olson said. "It's not just about fixing the Internet—it's about preventing harm before it happens."
Full Article & Source:
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
No comments:
Post a Comment