Reimagining Cyber - real world perspectives on cybersecurity

CyberSafe Seniors: Protecting Our Elders from Digital Threats - Ep 95

Reimagining Cyber Season 1 Episode 95

In this episode Stan and Rob delve into the critical issue of protecting seniors from cyber threats. Guest Michael Echols, author of "The Shield: Protecting Seniors From Hackers," sheds light on the alarming vulnerability of seniors in the digital age.

Drawing from personal experiences, Stan highlights how elderly family members are frequently besieged by scams, including fraudulent calls and phishing attempts. Michael unpacks the various tactics employed by cybercriminals, from romance scams to Medicare fraud, emphasizing the emotional manipulation used to exploit seniors' trust.

Michael also stresses the importance of proactive measures, such as credit freezes, to bolster cybersecurity defenses. He advocates for open dialogue and collaborative efforts within families and communities to combat cyber threats effectively.

Furthermore, the role of AI in both perpetrating and mitigating cyber risks is explored. While AI-driven attacks pose new challenges, innovative solutions like AI-powered call screening offer promising avenues for safeguarding seniors.

The episode concludes with a call to action: to recognize the gravity of the cybersecurity threat facing seniors and to take proactive steps to mitigate risks. By fostering awareness, implementing security measures, and fostering open communication, we can collectively shield seniors from the perils of cybercrime.


Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

[00:00:00] Rob Aragao: Welcome everyone to another episode of Reimagining Stiver. Is that Stiver? Cyber? Cyber? Cyber? 

[00:00:07] Stan Wisseman: What is this, right? 

[00:00:08] Rob Aragao: I don't even know what I'm talking about. Welcome everyone to another episode of Reimagining Stiver. Rob Aragao here with Stan Wisseman. Hey Stan, so what's today's conversation going to be about?

[00:00:17] Anything new, interesting that we're going to talk about? 

[00:00:19] Stan Wisseman: Well, Rob, as you, as you know I recently helped in the transition of my parents from Texas. They lived in Dallas since 1960 over to Colorado where my sister is, and so now they're going to be an independent living. And so they're, they're settling into the community, into that community and was helping them set up their, their new internet and, you know, getting used to their environs, right?

[00:00:45] And you know, it became more obvious to me than ever just how vulnerable I am. They can be, you know, in, in the context of their online presence, their interactions with others just [00:01:00] the level of you know, uncertainty they have is how they should do things and, you know, it, it just, I think it's a good discussion to, to cybersecurity impacts seniors and, you know, let's face it, I think they're a target.

[00:01:16] Rob Aragao: So Stan, then who should we have a conversation with about this topic? 

[00:01:19] Stan Wisseman: Rob, I think there's somebody special that we can bring back, Michael Echols. Our listeners hopefully remember that he was on back at episode 13. Michael, you helped us get things started. Michael is a leader at national level and international level for cybersecurity, and he has a focus on threat prevention.

[00:01:37] He's the CEO of Max Cybersecurity LLC. And late last year, Michael had a new book come out. It's called The Shield: Protecting Seniors From Hackers. And that's what we want to talk about. Michael, it's a, an important topic. Thanks for coming back on the podcast. Anything else you want to talk about and catch people up on what you've been doing for the last couple of years?

[00:01:57] Michael Echols: No, I mean, that's basically it. [00:02:00] I recognized when I left Homeland Security and started traveling around the country that people outside of the Washington DC area just are not in tune to what criminals and hackers are trying to do to them, and it gets even worse when we start talking about people who are not in the workforce any longer, or people who are above a certain age.

[00:02:22] So that's become a great concern of mine. 

[00:02:24] Stan Wisseman: Yeah, and actually my, my folks that we were just talking about this, my folks are elderly and they are in that, in the crosshairs, seemingly of online scam all the time. I was with them recently and, and they were getting phone calls. It was like one, one phone call, no joke.

[00:02:40] Was from my, my purportedly my sister who was in a car accident. We knew my sister was at their house helping the movers. I said, so how's the move coming? What move? Oh, gosh, I guess you're not Melinda after all, but they're hit by this stuff all the time. So can you [00:03:00] shed some light on why the cyber criminals disproportionately target seniors and identify any kind of characteristics that make this age group more susceptible to those kinds of tactics?

[00:03:12] Michael Echols:So, so first, I think we need to look at this at a higher level. It used to be what we deem scammers just those people who are trying to take advantage of you and get your cash. And then we start dealing with hackers who were using programs. And those programs could work through ads or those programs could work through any type of connection you had to social media, to lead them to vulnerable people.

[00:03:41] Anybody that was susceptible to click on whatever link was being sent to them. And now we've gotten to the point where organized crime is actually connected to the hacking community. And so with this being the challenge all signals off. I mean, it is [00:04:00] one of those things where they're looking for the lowest hanging fruit.

[00:04:03] In this particular case, the lowest hanging fruit happens to be a set of individuals who may have retirement plans, who may have a home, who may have bank accounts Full of cash that has just been sitting there for years, investment accounts and so they are challenged because they're not aware of the depth to which a criminal will go to get their funds.

[00:04:30] And that actually puts them at a disadvantage. 

[00:04:33] Rob Aragao: What are you seeing as it relates to more of the, the kind of the threats that they're coming at them with? What are the, you know, examples maybe that you can share? That have happened just so that people again can get better educated on this. 

[00:04:44] Michael Echols : Sure. So you have the traditional things.

[00:04:47] Seniors, a lot of them are either widowers or they live by themselves. They're lonely. And someone reaches out to them. They connect with someone who has some of the same interests that they have. And next [00:05:00] thing you know, they are being hit with a romance scam for it. Where the person endears themselves.

[00:05:07] And there are other, one of the major ones that's going on right now is the Medicare and health care scam. I have an aunt who probably has six neighbors. So essentially what they do is they, they call connect with them on email and they connect as a legitimate Medicare, Medicaid provider. And once they get the seniors Medicare number, they then can put in a claim in their name.

[00:05:41] So they may be charging the government or whoever the provider is 400 for that knee brace. And they're sending these 18 need braces to the senior. And so that's just a small microcosm of the types of scams that are going on in that [00:06:00] Medicare, because if you can imagine, there's a thousand different approaches that can be taken towards that, right?

[00:06:07] There's also the tech support scam. We all get that. We, we are all in a situation where the box pops up and tells you that you know, you have a virus on your computer or other types of things. And I particularly have seen, I was sitting with my mother and she got a pop up while I was sitting there that says, you have a virus, please call this number so that tech support can resolve this for you.

[00:06:32] Stan Wisseman: And remote in and be able to get access to your little laptop you have there, ma'am. And it's so ridiculous. 

[00:06:40] Rob Aragao: Hey, Michael, let me, let me kind of add a little bit to that. So, so this is, this is the kicker. So, you know, obviously all of us in cyber. My father in law in his early seventies I think I've trained him pretty well.

[00:06:52] A similar message pops up, tech support issue, contact us to help you, you know, rectify this issue. He plays the game, [00:07:00] Michael, he calls them up, he calls them up knowing that it's a, it's a scam and he plays along with them. And then he, you know, he says, you don't, you don't need anything from me. I'm not giving you anything.

[00:07:11] This is a complete scam. I know this my son in law has taught me the better and then he calls me up and tells me You know what just happened 

[00:07:18] Stan Wisseman: Very proud of himself 

[00:07:19] Rob Aragao: Walks me through the scenario and I said, well, I guess I've educated you well in that front I appreciate that right he loves playing that game I'll tell you but i'm glad that he knows because others don't to your point.

[00:07:29] Michael Echols:: Here's one of the challenges I wonder how he would do with this one recently in Arlington, Virginia, they had a situation where seniors were receiving postcards and that said that they they had jury duty go to this number. It looked legitimate county seal. They go on to the website Of course, they put their stuff in and it says oh you missed your day a couple of things can happen now You may have to pay a fine you may have to go to jail because you missed your court date It [00:08:00] scares them.

Rob Aragao: Please call this number. 

[00:08:02] Michael Echols: They called the number trying to be diligent And they are told they can just pay the fine that one Was just one of hundreds of these going on around the country. Wow. And most seniors are trying to be compliant. They're trying to be good people. That is the downfall. 

[00:08:23] Stan Wisseman: And Michael, I think we all have this desire to trust others and think things are legitimate.

[00:08:30] And, you know, as. Seniors like my parents try to engage online. They try to do their banking online. They try to, you know, but I still have to tell my mom, mom to get to your mail. You need to click this icon. You know, I mean, it just it's sort of like some of the basics are still not there, but they're still trying to engage online.

[00:08:49] I found it curious that. You know, in your book, you, you have a chapter on fundamentals for cybersecurity. I mean, you make an effort to try to talk about CIA [00:09:00] and get through some of these concepts. Why did you think that was valuable to try to, you know, go through the fundamentals to get their awareness up, you know, on some of the things that let's face it may or may not stick.

[00:09:13] Michael Echols: So most of the seniors that I'm dealing with are actually former professionals. And they are very smart people and they're very mechanical. They can put things together. And what happens is when their children try to explain things to them, it's very emotional. And so my approach was to have a discussion with them to say, Oh, you know, vulnerabilities times threats, times consequences.

[00:09:36] You have vulnerabilities. And when those are exercised by threats, you may have some bad consequences. And I was trying to give that to them in a very simplistic way to help them understand that. All we're ever trying to do is reduce risk. And then I explained to them that even cyber professionals get hacked because [00:10:00] one of the issues they run into with receiving information from their children or someone else that's trying to get them to stop clicking on those links is they either feel embarrassed or they feel like someone's saying that they're not smart.

[00:10:15] Stan Wisseman: And they don't want to admit it to their children either because it looks like they're, again, the dotting old person that doesn't understand things. 

[00:10:24] Michael Echols : I wanted to lift them up first, then explain to them that one of the solutions is actually communicating. So that when they're communicating with their children or telling someone, there's no shame involved.

[00:10:36] That's one of the solutions that even cyber people use with each other. 

[00:10:41] Stan Wisseman: And I guess one of the things to think about is also the impact is, you know, if you think about their personal risk and their profile as, as elderly folks accessing on being targeted, but how does, how does the online activities that they're taking, they're taking part in impact the broader cybersecurity [00:11:00] risk landscape and in their community as well as society as a whole?

[00:11:04] Michael Echols: Sure. So I spent many years as you guys have working critical infrastructure and try to protect what we deem critical functions of this country. And what we come to realize is that in all these communities, just like protecting our water sources, and just like protecting our electrical sources, protecting senior citizens becomes critically important because they're the foundations of those communities.

[00:11:30] And something very quietly is happening. FBI reports maybe 2. 5 billion. I think it's closer to 5 billion of loss by seniors, right? And when I say lost by seniors, I want you to understand that there was a situation last year where a lady went to, and I could say it because it's public, Chase Bank. She went into Chase, known entity, right?

[00:11:54] She went into Chase Bank. And she has never sent the wire before. She's 80 years old. She's [00:12:00] starting to lose her memory. She's sending wires at 50, 000 a clip and no one attempted to stop her or to become a friction or a bridge to between them and whoever else they were sending the money to. So that's the challenge that they're facing.

[00:12:19] But as the seniors. Start to lose, someone's going to have to take care of these things, right? So this problem becomes all of our problem. 

[00:12:28] Stan Wisseman: But I do think going back to our previous podcast, you made a striking point that the government is not there to save you. 

[00:12:35] Michael Echols : Absolutely. They have a function to protect the

[00:12:39] .gov and they protect the .com and they put policies and practices in place. The CFPB Consumer Protection Bureau. They are doing a great job of putting out policies and guidance, but the guidance falls on deaf ears if the person that's supposed to receive it doesn't get [00:13:00] it, or if they don't know what to do with the information once they receive it.

[00:13:04] Rob Aragao: Michael in addition to your book, which is a great foundation to help, you know, the seniors really get better acclimated and things they should be doing. Are there other tools you recommend to help them, you know, again, user friendly tools for them, right? To better be more you know, better cyber hygiene, if you will.

[00:13:21] Michael Echols: So in the book, I, I direct them to resources AARP is doing a much better job at this. Everybody from the FCC to the, even the SEC, they have guides for seniors on their websites. But I also tried to give them some actions. And one of those actions, for instance, was to start understanding and doing exercises with two factor authentication to start thinking about, do you have two pieces of information that validate something, right?

[00:13:51] When your kid calls, right, you recognize their voice, you know what they're talking. When you get on the computer, you know, I explained to them about being able to log on and do [00:14:00] these things. And so, those exercises that I was giving them actually takes them to another level. For instance, one of those things is to go in and freeze your credit.

[00:14:11] If you don't consistently get new credit or buy things, I explained to them that. You can go right to any of the credit bureaus and unfreeze it with no issue. 

[00:14:22] Stan Wisseman: That's a good practice for all of us, right? Yeah, and I guess those are some good proactive measures, right? But what are the recommended actions you give to seniors as far as the awareness, the light bulb goes on.

[00:14:37] I've been hacked. I've been subject to some kind of scam or some kind of online thing. And now my information is out there or the money is being transferred. What do I do? Who do they call or who can they call to help them?

[00:14:48] Michael Echols: So it's usually through a third party source, a legitimate source, either their bank or it's something related to Verizon.

[00:14:58] There was a scam where someone was [00:15:00] taking checks because a lot of senior citizens, they don't write checks and changing the numbers on them and just making small changes. And so all of a sudden old check that went to Verizon for a hundred dollars, somebody is now written for 10, 000 or 1000. And so they need to go back to those sources once they understand call Verizon.

[00:15:23] They've heard it before, so they probably put they get smarter as they go also, right? Go back to your bank on one particular case, one lady that wired money to a source and realized that she made a great mistake, was able to go back to the bank. And fortunately, the bank didn't wire the money right away.

[00:15:44] There was a couple of hours feed time. So, this idea of communication, whether you're doing it with that third party source, or you're calling your daughter or your son or someone who generally helps you with your living [00:16:00] situation, that's key. Speed. Time. It's, it's super, super, super important. I also talk about the IC3, which is a FBI source where you report things.

[00:16:12] But I explain to the seniors that at the point in which you're reporting there, no one's going to come to your home and take a report. No one's going to, Do anything that's going to help you retrieve your funds. You're just contributing to the knowledge base. 

[00:16:28] Stan Wisseman: You’re a  data point.

Michael Echols: Correct. You're, you're a statistic to them saying, yep, another one happened over there.

[00:16:33] We're not, you know, the, the perception the senior may have that the FBI is going to come in, swoosh in and help you. Sorry, that's not going to happen, folks. 

And then I also, you know, you would think my mother, my mother in law and other people, they've been listening to everything I've been saying for years.

[00:16:48] Right. And sure enough. My mother in law gets a phone call and it literally is our son saying that he's been in a car accident [00:17:00] and he just needs some funds. He's okay. And another gentleman gets on the phone, she's shaken because it sounds exactly like our son. And so we had given her a code word though.

[00:17:13] And the idea is that you have, you first recognize that these things happen. And then you put in place a code word or hang up and call back, right? And do a confirmation process. And this is part of that two factor thing I explained. 

[00:17:32] Rob Aragao: You know, that that's a great example and appreciate you sharing with the audience of something simple to put in place the code word.

[00:17:38] I mean, we do the hanging up things that the code words and other. I think that's great because we've heard too many of these stories as of late, especially 1 of the other areas. I wanted to get your thoughts on is. We know that emails, phishing, right, scams, it's, they're prevalent they've gotten much better to, to look more real.

[00:17:55] But I, I want to kind of talk about a little bit of the social media aspect of things because [00:18:00] more and more seniors are, right, wanting to get on social media, want to be more engaged with their grandchildren, right, and their friends. And so what about that side of cybersecurity concerns and scams? What guidance do you provide?

[00:18:13] Michael Echols : So I tell them I, I take them back to that risk management conversation we had with them and I tell them that when you engage in any communications, whether it's on a phone, whether it's social media, You are increasing risk, right? When you're dealing with people that you don't know or someone that you think is someone else you're increasing the risk.

[00:18:34] So then how do we now make this like a game, right? How do we reduce the risk? And part of reducing the risk is if someone's asking you for something, your antenna should go up. If someone's asking you to do something quickly, your antenna should go up. And so there are these. clues that I provide them where [00:19:00] if they see these things happening, they take two steps back so that they can have a better view of what's going.

[00:19:07] And I think the big part here is just the awareness, right? And I also, I start the book talking about place that you are most likely to be co opted. Or for someone to approach you is in social media. So when you're on social media, you should actually have a greater awareness than you would in any other circles.

[00:19:32] Right? And then I also tell them that go out, go on Google and search for articles. Because there's no better teacher than them reading stories about these things that have happened to other seniors. Right? Then they don't feel ostracized or feel like they're not smart or different from other people.

[00:19:53] They realize that this is a national, international crisis. And they're just [00:20:00] doing these things to make sure that they don't become the next victim. 

[00:20:04] Stan Wisseman: The next statistics, right? And we've all given examples of our family members, which is natural. But you've been out, Michael, in the community. engaging with seniors on this topic.

[00:20:15] What's the reaction been?

[00:20:16] Michael Echols: It's amazing. Even I've had family members at sessions that I've had with, you know, 100, 150 people, seniors will show up. They are very interested. And I've had family members tell me afterwards that they were scammed and they've lost money. They never shared this information before.

[00:20:39] And after one or two people speak, All of a sudden, everyone in the room has a story. It is a big deal. 

[00:20:48] Stan Wisseman: It's almost like an AA meeting, right? It's sort of like somebody said, I am, I have been hacked. 

[00:20:55] Michael Echols : Everybody has a story. And you know, [00:21:00] I want to encourage people to talk to their seniors, but just be careful about the way you approach them.

[00:21:06] Mm hmm. Don't approach them as if they, the way that they approach you when they were adult and you were the kid and now you're the adult and they're like a kid. 

[00:21:16] Stan Wisseman: Shields go up, right? 

[00:21:18] Michael Echols: That's correct. You have to approach them like an equal and it's a family issue, right? We're doing this as a family to make sure that we all stay safe.

[00:21:31] Yeah. That's a solid approach. 

[00:21:33] Rob Aragao: Hey, Michael, wanted to ask you one more thing, and that's around again, in your book, you, you do, you do call out AI. And I wanted to get your thoughts on it from, you know, seniors, again, and the things that they need to be aware of from an AI perspective with cybersecurity threats.

[00:21:47] You kind of alluded to one with the calling aspect of things, right? But also what role AI is playing to help better protect them from these types of threats. Just your thoughts on that. 

[00:21:55] Michael Echols: Sure. You can actually buy if we're talking about a phone for [00:22:00] us. The phone that I have in my home is made by AT& T, and it does a pretty good job of taking out a lot of the scam calls, a lot of the robocalls.

[00:22:11] I don't even get them. And then when somebody does need to get through to me, they announce themselves, and it tells me who they are before I actually speak to them. So that's one thing you can do from the calling perspective. From the web perspective I tell them, and what I think everyone needs to understand is, when you have antivirus on your protection on your computer, it has to be updated regularly.

[00:22:35] One of the failures that you see, especially with seniors, is they've got the antivirus on their computer from three years ago, and they also don't understand that when they're, when it asks them if they want to do updates or automatic updates, that by doing that, they're actually inviting in better protection and the new protection.

[00:22:58] No one ever explained that to them, [00:23:00] right? And so it's these simple types of things. That some, some can be done in conversation, some things they don't want to know, but if you can get them to just do the automation the AI is presenting us with threats that we want to be able to comprehend because it does better to targeting, right?

[00:23:18] And helping them understand that if they ever participated at any group where there was a list. They've never been to any conference. It could be where they participate at a senior center. The senior center is hacked. And then they are receiving people trying to do things to them based on their relationship to the senior center and the fact that they can be scammed based on their relationship to the senior center.

[00:23:46] Stan Wisseman: And the AI is going to be able to craft much more convincing phishing attacks. The emulation of, of family voices, unfortunately, is going to be easier. The volume is, is going to [00:24:00] increase as far as the type of these target attacks, right, Michael? So I think it's going to be even more difficult. 

[00:24:07] Michael Echols: And a number of data points.

[00:24:08] Stan Wisseman: Yeah. Yeah. It's just, it's gonna be tough for all of us, much less this category of the seniors. But thank you, Michael. This has been great. It's great to have you back on. I'd love your pivot. I mean, in a sense that I always think of you in the context of critical infrastructure and DHS. Right? But the fact that you are addressing this, this pain point, and I'm curious as to how you actually found, how did you.

[00:24:30] You know, go to this place as far as, you know, wanting to focus on cybersecurity and, and seniors and how they're potentially being subject to these hacks. Was there something that happened personally that motivated you? 

[00:24:42] Michael Echols: Just dealing with my, my mother and her friends and other senior citizens and my love for them.

[00:24:49] It's clear to me that they don't have a chance, right? I'm actually seeing the same things happen to younger people young adults. The difference is they have the rest of their [00:25:00] lives to make up whatever income loss that they suffer. 

[00:25:03] Rob Aragao: Good point. 

[00:25:03] Michael Echols : Seniors, they lose their home, they lose their pension, they lose their 401k.

[00:25:09] Their earning years are typically over. That 

[00:25:12] Rob Aragao: pains me. For sure. Michael, as Stan said, it's, it's always a pleasure to have you on. It really is. And the service, I think, in my opinion, that you're doing to help that senior community is tremendous. The examples you shared. Are simple, right? And some things like you heard me like the code work.

[00:25:29] I didn't think about that, right? We do the callback thing. That's even an easier approach. Right. So appreciate you coming on and sharing with the audience. Again, for those that want to go out there and read the book or share that book with a loved one, right? The Shield Protecting Seniors from Hackers.

[00:25:41] Really appreciate having you on and joining us today. 

[00:25:44] Michael Echols: Fantastic. I appreciate you guys. And I look forward to talking to you again. 

[00:25:49] Stan Wisseman: Thanks, Michael.

People on this episode