You ordered a pizza. You paid with PayPal. You went to bed. And by the next morning, you lost $14,000.
This happened to a real couple who received a call from someone claiming to be from PayPal, alleging the company had accidentally transferred that amount of money into their account and needed remote access to their computer immediately to get it back. The caller told them the police would be at their home within the next hour if they did not transfer the money.
This was one of many unfortunate stories Jim Hughes, a certified identity theft risk management specialist for Senior Risk Solutions, has heard over his career of more than 20 years.
Hughes recently shared some of his top tips for preventing online scams with Kendal at Home members in a webinar.
The losses he described were real, and the people who fell for them were careful, intelligent people who didn’t yet know the sophisticated tactics being used against them.
Why Are Older Adults Frequent Targets of Identity Theft?
Adults 60 and older filed more than 200,000 complaints in 2025, more than any age group, with reported losses reaching $7.7 billion, according to the FBI Internet Crime Complaint Center’s 2025 Annual Report.
Thieves tend to target older adults because they have more assets, Hughes said. They may also be more trusting because of generational differences.
“We were raised when we left the keys in our car in the driveway, and our front door was unlocked,” he said. “Today there are people coming at us from all angles, especially from a digital standpoint, because they can reach us from all corners of the globe.”
And the older you are, the harder it is to recover those lost funds, which puts extra pressure on seniors and their families.
The tactics are designed to bypass your instincts, working through deception, manipulation, and betrayal.
By the time you realize something is wrong, the damage is already done.
“The callers are really skilled, so you’ve got to be really careful,” Hughes said.
He gave several examples.
For instance, callers used phone numbers that matched a bank’s real number. In one case he described, a woman stayed on the phone for four hours with a caller impersonating her bank who told her her account had been compromised. The caller said there were $23,000 of fraudulent transactions on her account, and they proposed closing the account and opening a new one. In a similar scheme, a pastor transferred $10,000 to a caller claiming to be from his bank who told him his account had been compromised.
Fortunately there’s an easy fix for this: block any caller who isn’t already in your contact list.
AI has made it easier for scammers to impersonate familiar people using their image and voice. Jim shared the case of an older man who sent $9,500 to someone he was certain was his grandson because it sounded exactly like him.
Five Things You Can Do Right Now
You can better resist these attempts by following a few practical strategies Hughes shared.
1. Hang up and call back
If someone claiming to be your bank, the IRS, or anyone else who sounds official, don’t respond. Hang up and call the institution directly at a number you already have. It’s also important to remember that your bank will never ask you to open an account, close an account, or transfer funds over the phone.
2. Never give remote access to your computer.
Some scammers claim your computer is infected and will ask you to give them remote access, then demand payment for “fixing” it. Never give remote access to your computer to someone who claims to be tech support, your bank, or a government agency.
This makes it easy for them to access information, including saved passwords, or install malware or spyware that can monitor your activity and use it to steal from you.
3. Use strong, memorable passwords
Jim demonstrated that an 8-character password can be cracked in 35 days, while a 16-character password with no real words takes 152,000 years. His recommendation is to build a password using the first letters of a phrase or song lyric you’ll remember, then layer in numbers and symbols.
“Security is not convenient,” he said, “and convenience is not secure.”
4. Turn on two-factor authentication
Two-step verification or multi-factor authentication adds a second step after you log in, typically a code sent to your phone. This makes it less likely that someone can gain access and install malware or access passwords.
5. Never click links in texts or emails you didn’t initiate
Jim noted that half of the calls coming into his support centers involve seniors who clicked a link in a text and unknowingly downloaded malware. When you click, it can follow you directly into your bank account.
Protect Your Finances and Your Future
Staying safe online is part of staying independent. And staying connected to a community that keeps you informed is one of the most powerful things you can do for yourself.
Our members receive access to monthly social and educational gatherings that cover topics related to health and wellness, financial planning, technology, and more.
If you’re curious about what Kendal at Home membership includes, register for an upcoming virtual seminar.
It’s a no-pressure way to ask questions and find out whether it’s the right fit for you.
