Every day, cybercriminals steal millions from our elderly loved ones. Cybersecurity professionals have the power to prevent it. Yuksel Aydin, CISSP, discusses how cybersecurity professionals can help better educate and support those at risk.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
By the very definition of the word, cybersecurity “professionals” everywhere are typically bound by a code of ethics. For example, as ISC2 members, we pledge to “protect society, the common good, necessary public trust and confidence, and the infrastructure”. Yet while we fortify digital perimeters and secure corporate assets, our communities face the systematic targeting of the elderly for the purposes of committing fraud, something that has rapidly emerged as one of the fastest-growing global crimes.
Elder fraud is a global issue impacting nations from Japan to Germany, Australia to Canada. In the U.S. alone, the FBI’s Internet Crime Complaint Center (IC3) reported that 140,000 Americans over 60 lost $4.885 billion to cybercrime in 2024. However, this represents the documented losses of just one country.
According to IC3’s 2024 data, the most common scams affecting the elderly are:
- Investment Scams – In which criminals create fake websites promising guaranteed returns
- Tech Support Scams – Involving pop-ups or calls claiming computer infections, with criminals demanding remote access to "fix" non-existent problems
- Government Impersonation Scams – Leveraging fear, with fake tax or health agents threatening arrest unless immediate payment is made via, for example, gift cards or crypto
- Romance Scams – In which criminals build trust over time, using stolen photos to create fake relationships before requesting money for fabricated emergencies
But the cybersecurity community has unique capabilities and opportunities to combat this epidemic – if we choose to act.
Why We Should Act
Modern criminals deploy AI-powered voice cloning, create convincing deepfake videos and orchestrate multi-stage social engineering campaigns that can challenge even seasoned security professionals. The technical sophistication of such attacks therefore constitutes a critical security challenge: when seniors fear online services or refuse to adopt beneficial technologies due to fraud concerns, societal trust in digital systems is undermined and we fail in our collective mission to inspire a safe and secure cyber world. Addressing such attacks therefore demands our expertise.
As certified professionals, we understand attack vectors, recognize social engineering patterns and can clearly explain complex threats. This knowledge carries a community responsibility. When we limit our expertise to protecting organizational assets, while communities suffer preventable losses, we miss an opportunity to be useful to each other. Our ethical canons call on us to "advance and protect the profession", but genuine advancement means extending our protective capabilities beyond corporate boundaries.
Building Community-Based Defense Networks
The cybersecurity community has successfully created information sharing and analysis centers for critical infrastructure, building collaborative defense frameworks transcending organizational boundaries. My belief is that we should now apply these proven models specifically to the protection of the elderly and vulnerable.
Our understanding of the tactics used by criminals empowers us to initiate targeted conversations: simple truths, such as government agencies never demanding gift cards or tech companies never initiating unsolicited support calls, can significantly reduce vulnerabilities among seniors. If all cybersecurity professionals actively address elder fraud awareness within their professional and personal networks, we can collectively activate a multiplier effect – reaching millions of vulnerable individuals worldwide.
ISC2 already champions community protection through various volunteer opportunities, from short-term projects to committee roles. Such initiatives demonstrate ISC2's commitment to extending cybersecurity protection beyond corporate walls. Members can specifically leverage these existing channels by volunteering in educational sessions targeting senior cybersecurity awareness.
Simple, Actionable Steps to Take
Every cybersecurity professional can make an immediate difference. During this October's Cybersecurity Awareness Month, consider dedicating just 15 minutes of your existing security awareness sessions to elder fraud prevention. Highlight the main scams and encourage employees to have conversations with elderly relatives using straightforward prompts such as "Has anyone called about your computer having viruses?"
Beyond the workplace, propose elder fraud awareness as a community service activity to your local Chapter. Members already gathering for professional development can extend their impact by organizing informational sessions at local libraries, senior centers, or community groups.
No new programs are needed, and no additional budgets are required – just cybersecurity professionals utilizing existing platforms and materials, such as the Safe and Secure Online program, to share knowledge that can prevent devastating losses. If just the members of ISC2 could each take small actions, never mind the millions of cybersecurity professionals worldwide, the collective impact can be transformative.
A Call for Professional Responsibility
As we advance our careers, earning certifications and safeguarding critical infrastructure, let’s remember that cybersecurity is not only a job; we do a ‘public good’. By extending our protective expertise to those in need, we honor our profession, strengthen our communities, and build the safe, secure cyber world we have pledged to support.
Every cybersecurity professional possesses knowledge capable of protecting seniors – to prevent a senior from losing their life savings, or a widow from falling victim to a romance scam, or a retiree from fraudulent tech support calls. The question isn't whether we have the capability. It's whether we have the commitment to dedicate 15 minutes.
Yuksel Aydin, CISSP, has over 10 years of experience in cybersecurity and privacy across global corporate sectors. He has held senior leadership roles, with responsibility for safeguarding leading multinational security operations. His cybersecurity work spans critical infrastructure protection, AI safety research, and public-private sector collaboration to defend essential services and vulnerable populations.