“How to Avoid a Scam” From the FTC

After writing a few weeks ago about seniors’ particular vulnerability to online scams, I heard from several readers who are actively working to educate seniors about the risks they face. The stories in those emails indicate that things are worse than I thought, and that seniors are even more ignorant of these risks than I imagined.

Reader Lisa sent a link to this excellent document from the FTC, which you can get in PDF or printed form:

How To Avoid a Scam | FTC Bulkorder Publications

Phishing in the Age of AI: Why Seniors Are at Risk

I recently reviewed the FBI’s Internet Crime Complaint Center 2024 report, which revealed $16.6 billion in reported losses (a 33 percent increase) and over 859,000 complaints last year. The most frequent victims? Our oldest generation.

It wasn’t so long ago that phishing emails were easy to spot: terrible spelling, awkward phrasing, even comically bad graphics. That’s no longer true. Thanks to AI, scammers can now follow up a perfectly crafted email with a synthesized voice call that talks you through every step of the con. If you’re lonely or vulnerable, it’s terrifyingly convincing.

I experienced this firsthand just recently. I received what appeared to be an urgent notice claiming I owed a substantial amount to the IRS. The email was flawless, and the automated voicemail that followed sounded almost human. My gut told me it was a scam, but I still called my accountant—because who isn’t paranoid about the IRS? If these tricks can shake my confidence, imagine how easily they might break through to a less tech-savvy senior.

Be careful out there; the bad guys are getting smarter. Forewarned is forearmed.

For practical tips on spotting and avoiding phishing scams, check out the FTC’s guide on recognizing phishing. And if you’ve got loved ones in the older demographic, AARP’s scam prevention resources are a must-read: AARP: Scams and Fraud.

Why not talk to your elderly parents this weekend about phishing scams?

A Case Study in Phishing

A few days ago I received this email. I thought it was an excellent example of a phishing attack. If you’ve never heard of it before, phishing is a process where a bad guy sends you an email that looks legitimate in hopes that you’ll click on the link and give information to him that he can use to somehow screw you over or steal your money.

Here’s the email.



In this case, they’ve created an email that looks a lot like it came directly from Apple. It’s got the Apple logo and the YouTube logo and, at first glance, looks official. It informs me that I’ve subscribed to YouTube Red for $149.99/month and it gives me a handy link to unsubscribe. There be the dragons. If I were to click on that link–I didn’t–it would ask me for my iTunes login or my credit card (or both), and then the bad guys would have my information. Game over.

The first tool you need in fighting spam is common sense. YouTube Red does not cost $149.99/month, and a simple search will tell you that. If there is any question, take a closer look at the details. The sender lists their name as “App Store”, but disclosing the actual email address shows it’s “noreply11@fillappealform.com”. Does that really sound like an address Apple would use to confirm a subscription? Also, it lists “Payment Method” as “By Card”, not the xxxx-xxxx-1234 you usually see. It also creates a sense of urgency, explaining I’m on a free trial but will be charged $150 in just two days if I don’t act. While I can see how this email may fool some people, on the barest scrutiny it starts looking shady.
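The same checks, written out as an added Python example (not part of the original post): it parses a constructed message modelled on the email described above and flags the display-name/domain mismatch, the urgency wording, and the missing masked card number. The brand-to-domain table, the regexes, and the recipient address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative map of brand words in a display name to the
# domains that brand really sends from (not an authoritative list).
BRAND_DOMAINS = {"app store": {"apple.com"}, "itunes": {"apple.com"}}
URGENCY = re.compile(r"will be charged|in (?:just )?\w+ days?|act now", re.I)
MASKED_CARD = re.compile(r"[x*]{4}[- ]?\d{4}", re.I)

# Constructed sample modelled on the email described in the post.
SAMPLE = """\
From: App Store <noreply11@fillappealform.com>
To: reader@example.com
Subject: Subscription Confirmation

You are on a free trial of YouTube Red. You will be charged $149.99/month
in two days unless you cancel.
Payment Method: By Card
"""

def sender(msg):
    """Return (lower-cased display name, lower-cased address domain)."""
    name, addr = parseaddr(msg.get("From", ""))
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def domain_ok(domain, allowed):
    # Exact match or a true subdomain; "notapple.com" must not pass.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_flags(raw):
    """Return the list of warning signs found in a raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, domain = sender(msg)
    flags = []
    if any(b in name and not domain_ok(domain, doms)
           for b, doms in BRAND_DOMAINS.items()):
        flags.append("display-name/domain mismatch")
    if URGENCY.search(body):
        flags.append("urgency")
    if re.search(r"payment method", body, re.I) and not MASKED_CARD.search(body):
        flags.append("no masked card number")
    return flags

if __name__ == "__main__":
    for flag in phishing_flags(SAMPLE):
        print("WARNING:", flag)
```

A clean result only means none of these three signs were present; checking the account on the source website remains the deciding step.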



If you ever find yourself tempted to click on any link in an email that involves a problem or access to any of your online accounts, stop and think for a moment. Then go to the source website itself and check. In this case, logging onto my iTunes account would show that I have not, nor have I ever, signed up for a YouTube Red subscription.

Finally, there’s nothing wrong with proving yourself wrong on this stuff. I recently got a “credit card expired” email from Squarespace. Rather than clicking on the link, I went and logged into my account and discovered that my credit card had, in fact, expired. Better safe than sorry.

Want to learn more? I wrote a book about email.