Finger pointing at tablet with graphics background

As RRSP season nears and you counsel soon-to-be retirees, now is the perfect time to teach them about the risks that lurk online.

Seniors are more tech-savvy than ever before. According to Statistics Canada, 85% of 65- to 69-year-olds used the internet in 2016, up from 46.9% in 2007. Yet, seniors frequently are isolated and their possession of accrued retirement assets makes them the perfect target for online criminals.

Scams and fraud were by far the most popular online crimes reported to police in Canada last year, accounting for 49.8% of all cybercrime, according to StatsCan. Online scammers can target seniors via websites, email or phone, and the scams come in various forms.

“Advance fee scams” use various pretexts to extract as much cash as possible from a victim. In those cases, the scammer lures the victim with a reward, bilking them for money without ever delivering.

An example is romance scammers, who form relationships with lonely victims through online dating sites or social media. Eventually, the scammer asks for money to pay debts or to come to meet the victim. The Royal Canadian Mounted Police say romance scammers ripped off 760 people in Canada last year for a cool $22.5 million – an average loss of almost $30,000 each.

In another advance fee scam, the attacker claims to have received a fortune while abroad and wants to get the money out of the country. The victim is the lucky mule who will get to keep a percentage of the profits. All that’s needed, of course, is a small processing fee.

The Ontario Securities Commission says investment scams target Canadians over 50 years of age. These scams include foreign exchange scams (in which someone promises to earn great returns by trading foreign currency with the victim’s money, but in reality just steals it) and offshore investment scams (once the victim’s money leaves the country, it’s almost impossible to retrieve). Both scams arrive via social media or websites.

Phishing scams arrive by email to dupe the victim into clicking on a link and entering their details into a fraudulent website. In this scenario, scammers often impersonate banks for access to the victims’ bank account. These scammers can steal money from the account or use the account to move the proceeds of cybercrime. Phishing attacks increasingly arrive via SMS text messages.

Another online fraud commonly delivered either by a malicious web ad or by phone is the tech support scam. The victim will get a phone call or a browser window will pop up claiming that the victim’s computer is broken. If the victim gives the scammer access to the computer, the perpetrator will often introduce real problems on to the computer or claim that expired software licences have broken the system, either of which the scammer can “fix” for a fee.

Email and SMS also are common delivery methods for scams in which the cyberattacker pretends to be an agent of the Canada Revenue Agency and either promises a refund or threatens legal action for non-payment of overdue taxes. The scammer either persuades victims to send money to a fraudulent account or phishes them for detailed personal information that then is used for a classic crime: identity theft.

Identity thieves use a victim’s personal information to do things in their name, such as taking out credit cards or loans, purchasing mobile phones and opening bank accounts. These cybercriminals also may sell victims’ information to other criminals.

Here are some steps your clients can take to help protect themselves from cybercriminals:

> Protect your computer

Avoid clicking on email attachments or links from people you don’t know. These emails may contain malware. If you know the sender, reply to your contact to be sure they sent the original email before opening it.

You also can use anti-malware software that helps protect your computer against malicious software and websites.

Avoid connecting to websites using public Wi-Fi; instead, use a virtual private network to prevent snooping.

> Protect your identity

Use a password manager, such as LastPass or Bitwarden. These will generate strong passwords, store them safely and fill out online login forms automatically.

Where possible, use a second security system besides your password. These include biometric sign-ins (many phones and tablets now have fingerprint or facial scanners) or authentication apps on your mobile phone, such as Google Authenticator.

> Protect your mobile phone

Block unknown phone calls by setting restrictions on the calls that come through your phone. The CRTC offers a list of options for managing unwanted calls at

> Be skeptical

If an unknown person pressures you to do something, especially involving money or your personal information, say no and block further calls or emails from that person.

> Be secretive

Set strict account privacy settings on social media and don’t publish too much detail (e.g., your birthday, address, location, holiday plans or financial information). IE

Futher reading

After educating senior clients about the risks of online fraud, point them toward some other resources.

The following organizations offer online fraud-protection resources:


Seniors Guidebook to Safety and Security:

> Canadian Anti-Fraud Centre

Scams Targeting Seniors:

> Canada Revenue Agency

Fraud Prevention:

> Canadian Securities Administrators

Investor due diligence site:

Investor tools: