Helping older members avoid scams.

I’ve been asked to give a short presentation to older members of our congregation on how to avoid being scammed via email, pop-ups, computer support phone calls, etc. Do any of you have material or information I could use? I know I could put something together just by searching, but no sense reinventing the wheel if anyone has something already put together.
Terry Schordock
Bay Presbyterian Church
Bay Village, Ohio

The general advice would be if it sounds too good to be true, it probably is, so pass it by.
For emails, firstly never automatically click on any images or web links. First carefully check that the spelling of the ‘from’ email matches the ‘reply-to’ email and that it also matches the domain name of the email you have on any printed letters you received from the official organisation. If there is a mismatch in any way, delete the email.
Get someone to install AdGuard on your PC to block unwanted or potentially malicious popups. You can also set the router DNS to AdGuard DNS, which will do a lot of the blocking also.
With computer support phone calls, ask them to confirm your account details back to you. If they hesitate, put the phone down and block the number to prevent them dealing again.
I’m sorry, but I don’t have any pre-written material, but this is what I have implemented across the organisations I support.
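
The From / Reply-To / official-domain comparison described in the reply above can be automated for whoever triages forwarded messages. This is an added example, not part of the original post: the function names, the sample messages and the `example-bank.test` domains are all constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample messages (reserved .test domains, not real senders).
GENUINE = ("From: Example Bank <alerts@example-bank.test>\n"
           "Subject: Statement ready\n\nYour statement is ready.\n")
REPLY_TRAP = ("From: Example Bank <alerts@example-bank.test>\n"
              "Reply-To: help@examp1e-bank.test\n"
              "Subject: Verify now\n\nReply to confirm your details.\n")
LOOKALIKE = ('From: "alerts@example-bank.test" <alerts@examp1e-bank.test>\n'
             "Subject: Account closing\n\nAct today.\n")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    if not header_value:
        return ""
    # parseaddr separates the display name (which can be any text, even a
    # fake address) from the address that mail is actually sent from.
    _name, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_org(domain, official):
    """True if domain is the official domain or one of its subdomains."""
    return domain == official or domain.endswith("." + official)


def sender_red_flags(raw_message, official_domain):
    """List the sender mismatches to look for before trusting a message."""
    msg = message_from_string(raw_message, policy=default)
    official = official_domain.lower()
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    if not from_dom:
        flags.append("From header has no usable address")
    elif not same_org(from_dom, official):
        flags.append(f"From domain {from_dom} is not {official}")
    # A missing Reply-To is normal; only a different one is suspicious.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From {from_dom}")
    return flags
```

An empty list only means none of these mismatches were found; the From header itself can be forged, so a clean result is not proof that the message is genuine.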

Urgency is the thing they want you to feel.
I would tell people that if you get a sense that you MUST act now, then they need to take a step back and analyze the situation.
For instance, these are a couple of examples of things that have happened to people recently.
One person I know got an email from Amazon saying someone was trying to buy some outrageous item on their account for $600ish and that if it was them they need to log on and verify and if it wasn’t and they didn’t log on and file a report, then Amazon would close their account.
They said it was very convincing, but the fact they didn’t have an Amazon account alerted them it was a scam.
And the other day my wife got an email from an elderly neighbor (or so it seemed) asking for some help acquiring a birthday present for her niece. The email asked that my wife not call her but instead use email to correspond (which was strike one with my wife). But my wife being a good-natured soul responded that she would love to help, what could she do? Another email arrived but this time it came from an unknown email address (strike 2) asking to buy a bunch of Google Play cards and scribble off the codes and send them back in an email (strike 3).
At this point my wife called my neighbor to let her know she thought she had been hacked and indeed she had.
I tell people to:
• Never click links inside an email, ever! Instead log into the account in question if you think it’s real.
• Anything that seems urgent, step back and look it over to make sure it’s on the up and up.
• If it makes you uncomfortable, ask someone for help.

All good advice from Russ and Ed.
KnowBe4 has some resources that may assist you with this as well.
I have used the printout titled, “Social Engineering Red Flags” for similar security awareness training I conducted in the past.
Social Engineering | KnowBe4

There are many resources out there, but there are a LOT of OUCH! newsletters from SANS that are all free to be distributed as long as you don’t change them/remove branding, covering nearly every topic you could think of about security in a home/end-user capacity. You can see and download them at SANS OUCH!

Terry, my first reaction in reading this is this is another unreasonable request of a church IT person. There certainly is a tendency in our ministry that others think we do (or should) know everything there is to know about everything in technology. We don’t. We can’t. It’s physically impossible.

I absolutely love the heart behind this request. But there are significant problems behind this request.

Unrealistic expectations. You have been “asked to give a short presentation to older members of our congregation on how to avoid being scammed via email, pop-ups, computer support phone calls, etc.” That’s just not possible. No matter how much time you devote to this. The danger is that your leadership and your older congregants think they are ‘protected’ if they follow the few words you are asked to give. The potential liabilities to the church and congregation are great unless the expectations are changed.

The task is enormous. The people asking don’t know this. Whole teams of people and companies spend their careers trying to keep up (not to mention keeping one step ahead) of scammers. Even if you could provide everything there is to know today, there are many scammers out there who are already working on new scams for tomorrow.

Scamming someone is about a LOT more than technology. You and I don’t have the skillset to teach on all the techniques used by scammers. Police departments have cybercrime units that specialize in these types of crimes. You and I don’t have this skill set.

The responses others have given are more practical, but if the expectations aren’t addressed this could become a disaster.

I think this is a great idea and one I was considering for my own parish.

Make sure they understand the purpose of the session. You are teaching them to be more cautious online and giving them some skills that will cause them to “think before they click”. It’s their job to broaden those skills. You aren’t teaching them to be cybersecurity experts. Just like a session on eating a heart-healthy diet isn’t teaching them to be a registered dietitian.

After a quick brainstorming session, I offer you these ideas.

We are poised to use Wizer for our employee training. Their subscription is heavily discounted for churches but even before you get that far, there is a library of free resources. Their videos are shorter than KnowBe4 which I think makes them easier to digest and you get the whole video and game library - no increasingly expensive levels. Lastly, videos any employee watches may be freely forwarded to their friends and family. (It takes a village to keep everyone safe online.) I’ll bet there is a lot of content - even in the free version that could inspire you.

I’ve been dissecting email scams for a few weeks - sending them to employees and parishes but I’ve been collecting scam examples for much longer. I am happy to share scam samples and even some of the dissections if you want to use them.

It’s not all about email scams though. They’ll need to keep their computers up to date. They’ll need strong passwords.

From a quick Google of “keeping elderly safe from scams”

  1. 5 Ways to Stop Senior Citizen Scams - Consumer Reports
  2. The National Council on Aging
  3. How to Protect Your Parents From Scams
  4. Online Safety for Seniors - CyberInsureOne

Here are some free resources I’ve collected over the years

  1. CERN Computer Security Information
  2. How To Recognize and Avoid Phishing Scams | FTC Consumer Information
  3. Internet Crime Complaint Center (IC3) | File a Complaint
  4. Cybersecurity Awareness Posters | Department of Energy
  5. OnGuardOnline | FTC Consumer Information
  6. Cyber Security Posters
  7. How To Recognize and Avoid Phishing Scams | FTC Consumer Information
  8. Stay Safe Online - Stay Safe Online
  9. Online Safety | Springcroft Primary School

Lastly, those in attendance WOULD benefit from ongoing training. You could have everyone sign up for a monthly email where you sample a scam. You could top load 12 months’ worth of training into emails dropped in your drafts - possibly curated from the above list of free resources. After the initial setup it wouldn’t be hard to release an email from your drafts once a month. Or, maybe your congregation already has a newsletter or a Sunday bulletin? Send a slate of blurbs to the editor they can copy and paste occasionally. It doesn’t have to be long. Just an introduction and a link to the resource. Maybe 12 of us could collaborate on a 12-item document that we could all use in our own congregations.

Or, find a newsletter that THEY can sign up for.