Elder scams targeting people over the age of 60 in the U.S. led to losses of $3.1 billion in 2022 alone, according to study by the company Incogni. Some 103,000 crimes were reported across 30 different categories. Approximately 60% of these crimes were facilitated or exacerbated by criminals having access to victims’ personal data.
Incogni’s researchers examined the Annual Reports and Elder Fraud Reports published by the Internet Crime Complaint Center (IC3), a division of the FBI, investigating numbers regarding internet crimes against people over 60. The researchers aggregated yearly losses and victim counts per crime type from these reports with additional supplementation with 2022 data concerning state-level information. Since the study’s data was based on victims’ reports, it is likely that the actual damage done by elder scams in 2022 exceeded $3.1 billion, when factoring in unreported crimes.
While financial losses by the elderly to scams have grown consecutively year-over-year in recent years, the IC3 data actually shows that the number of victims annually has been dropping steadily since 2020. As a result, in 2020 the average loss per victim was $9,000, while in 2022 it reached $35,000 per victim. While the decrease in the number of victims is a clearly good thing, the increase in the average financial loss per victim doesn’t bode well for those who are ensnared by criminals’ ploys.
In terms of financial damage, the most notable types of elder fraud were cryptocurrency related (connected to $1.1 billion in losses by people over 60), investment scams ($990 million) and tech support scams ($590 million). However, in terms of number of victims affected, tech support scams were the most commonplace, affecting 18,000 people over 60. The next closest crime in terms of people impacted was cryptocurrency fraud, which affected 10,000 individuals.
Across the 30 different categories of crimes examined by Incogni researchers, 12 were determined to depend at least in part on the availability of the victim’s personal data.
To people familiar with the world of open-source intelligence (OSINT) and/or commercial people data brokers this will come as no surprise. It is relatively easy for criminals to gain access to personally identifiable information (PII). A tremendous amount of personal information exists on the regular, surface web that can be exploited without special tools or access to nefarious marketplaces. When you include the solutions for accessing deep web repositories of information and dark web marketplaces for personally identifiable information, the possibilities are nearly endless.
This exposure of one’s personal data to potentially nefarious actors can be partially mitigated by asking companies to remove it from their databases as part of their compliance obligations with regulations like the General Data Protection Regulation (GDPR) for citizens of the European Union and the Californian Consumer Privacy Act (CCPA) for Californians. In general, above-board companies enable individuals to request that their data be removed from company databases regardless of the individual’s citizenship or location of residence to ensure compliance with all data privacy regulations.
To assist in the tedious process of contacting all the companies that store one’s data and request removal, consumers can use service providers, such as Incogni, to handle the process for them for a fee. However, it is possible to handle this by oneself. For this purpose, there are published guidebooks such as OSINT expert Michael Bazzell’s “Extreme Privacy: What It Takes to Disappear.”
For more information on elder scams in the U.S. or to file an elder fraud complaint on behalf of a U.S. citizen, visit the relevant section of the IC3 website.