Phishing Prevention for the Elderly: How Age Impacts Efficacy of Software Phishing Prevention Methods; Cybercrime and Age in the Post-Pandemic Era: What does the Adaptation of The Elderly Population to Phishing Attacks Tell Us About Cyber-Crime Prevention?

Cybercrime, one of the most pressing new dangers of the modern era, impacts older and younger adults differently. While both age groups pay severe tolls for falling victim to a scam, the traditionally more technology adverse elderly Americans currently fall prey to cybercrime at higher rates than the general population, constituting 28% of all loss reported in 2023. The most prevalent form of cybercrime is phishing, or the sending of fraudulent messages claiming to be a different person or organization. Phishing bucks the general cybercrime age demographic trends; following a post-pandemic drop for the age group of over 60%, phishing rates among the elderly are significantly lower than the general population. There is an abundance of evidence to suggest that elderly adults and younger adults tend to have different responses to phishing. This divide is apparent at all stages of a phishing attack, including what prompts them to engage with a phishing scam, their behavior while parsing a phishing attack and their likelihood of reporting afterwards. My research explores the context of age within the post-pandemic phishing climate and the utilization of age-based cybersecurity prevention with the goal of better understanding the sociotechnical relationship between phishing and the elderly and providing the knowledge necessary to reduce phishing and cybercrime.
The technical project in this portfolio is intended to provide a framework for the future research of age-specific software phishing prevention methods. Due to the differences in how elderly ang younger age groups interact with phishing, some researchers have identified a need for the research and development of phishing prevention strategies that are tailored to a single age group, with the hope of more specialized methods increasing the efficacy of phishing prevention methods. Within the technical paper, I outline how the development of anti-phishing software tailored to a specific age group could be conducted through iterative rounds of testing and feedback. Additionally, the project identifies various strategies that phishing prevention software can employ to be compared for efficacy among different age groups based on the available research into differences in interactions. Ultimately, the experiment outlined is intended to quantifiably and qualitatively identify what works and what doesn’t in anti-phishing software through the lens of age.
The STS Research portion of this portfolio examines the recent extreme drop in phishing reports among the elderly compared to the modest decline among the general population within the context of the pandemic and post-pandemic eras. During the pandemic, elderly adults increased their use of technology, especially for the purposes of communication. Phishing attacks also evolved during and after the pandemic, with volume of phishing attacks more than quadrupling pre-pandemic numbers and the quality of phishing attacks improving with the creation of better AI. The paper concludes that the efficacy of phishing attacks against the elderly appears to have genuinely decreased and decreased report numbers are unlikely to be a result of less exposure. While more research is needed to confirm the reasons behind the elderly becoming more adept at handling phishing reports, a shift in the most common attack sectors targeted by phishers as well as increased familiarity with technology as a result of the pandemic might have had more beneficial effects for the elderly compared to the general population of adults due to the identified differences in how elderly and younger adults interact with phishing attempts, which includes differing vulnerabilities to certain sectors and differing effects of increased phishing knowledge.
While both projects in this portfolio examine gaps in the current body of research, they constitute only a small foray into these gaps that demand more research. While the STS Research Paper constitutes a satisfactory early examination of trends that are still unfolding, as more research is conducted on the evolving relationship between the elderly, phishing and technology and the current trends continue to unfold, there is likely to be more insight into what has caused the post-pandemic drop in phishing reports by the elderly. A review of this topic in four or five years might have clearer data to draw from and more definite answers. Additionally, while the technical project outlines how age-specific phishing prevention software might be developed, to reap the benefits of this research requires the future execution of the experimental process described, or the development and testing of any age-specific phishing prevention software.

School of Engineering and Applied Science

Bachelor of Science in Computer Science

Technical Advisor: Briana Morrison

STS Advisor: Kent Wayland