Cyber Threats Facing Vulnerable Rural Populations
According to a report by USDA, in the United States 19 percent of the rural population is 65 years or older, compared with 15 percent in urban areas. As should be expected, the elderly population is susceptible to many scams including those committed via the internet.
It must be noted that even though cybercriminals do target all population groups, the vulnerable rural population may be an easier target because cybercriminals expect higher success rate in extorting the elderly group than in the younger, urban population. For this reason, resources should be allocated in providing not only broadband access but also cyber defense to the vulnerable rural populations. The current urban-rural digital divide only creates opportunities for cybercriminals because when internet speeds are slow in rural areas, the rural population is left behind in areas such as digital access to useful resources including those involving cybersecurity awareness trainings.
Since cybercrimes targeting rural population is mostly individualized, we rarely hear about these individual victims on the national media. While it’s questionable whether it pains any less if one is a single victim of individualized data breach or one in a million victims of a data breach targeting a Fortune 500 company, individualized breaches just do not carry the same gravitas as those affecting large corporations and other institutions. Although the emotional and financial pain to the victims of a breach may be the same, the financial impact on the victimized organization and the cost to the economy may be significantly higher.
The goal of most cybercriminals is simply to acquire data related to the victim’s Personally Identifiable Information (PII). The PII data can be monetized in the dark web, or the criminals can just use it to apply for credit cards, loans etc. in the victim’s name. Traditionally, PII covered the victim’s Social Security Number (SSNs), mailing address, age, and phone number. This was enough information for cybercriminals to monetize the data in the dark web. However, digital technologies have expanded the PII’s scope to include email and IP addresses, login ID, digital images, geolocation data, biometric data and even social media posts and social media images. For security service providers, this means that there must be specific policies and safeguards around all the possible PII data sources in order to provide effective cyber defense to the consumers/users. The vulnerable population and indeed all consumers need to be educated on what constitutes sensitive information that they should protect and never share with unauthorized persons. They also need to know how to detect and prevent cyber scammers from victimizing them.
Scammers go phishing
Phishing is still a very popular way of extorting money from victims. For elderly rural populations, especially those who are living alone (and lonely), they may be susceptible to phishing emails promising romance and companionship from complete strangers. Once they open the phishing emails and start communicating with the stranger, the scammer can take control of a connected device, or simply continue pretending to be “a trustworthy lover” and eventually lure them to disclose their PIIs and even request them to wire huge sums of money from their bank accounts.
It should be noted that this type of phishing scam originates from the internet and therefore, can be prevented by cybersecurity. Internet service providers serving elderly rural populations can help in mitigating email phishing risks and other internet scams by activating cyber defense applications such as anti-virus, anti-malware, and DNS filtering capabilities on their end as well as on their customers’ routers (gateways). Customer endpoints also require protection, but these are largely outside the service provider’s control. Therefore, education is essential to help the elderly population understand cybersecurity risks, including some tricks used by cybercriminals, and how to protect from them.
In summary, the following are some basic mitigation strategies to help end users, including the vulnerable populations in rural areas, defend themselves against cyberthreats.
- Install reputable Anti-Virus software to block viruses and other malware
- Utilize Domain Name System (DNS) and Content Filtering to ensure safe internet browsing. DNS filtering can help to block malicious websites.
- Create complex passwords that cannot be easily guessed. For example, using combinations of at least 12 letters, numbers, and special characters. This will go a long way in protecting sensitive data from being accessed by unauthorized persons.
- Secure Wi-Fi network with a strong password. Turn off remote management of residential gateways and routers and ensure wireless access points offer WPA2 or WPA3 encryption to maintain the highest level of privacy of information sent via your network.
- Update software and apps regularly to maintain latest version of software patches that fix security flaws.
- Permanently delete sensitive data from computers/connected devices when no longer required.
- Never click on a link, open pop-up, etc. from unknown source.
- Communications service providers should share information on cyberthreats with their customers to help create awareness of the threats targeting vulnerable population.
- Follow security-related announcements shared by reputable sources, e.g., service providers, to be informed about widespread phishing campaigns and other current threats.
To conclude, we must understand that there are many reasons why cybercrimes targeting the vulnerable populations may go on undetected:
- The elderly victims may take a very long time to realize that they have been scammed, and they could be scammed multiple times before telling anybody.
- The victims may not be exposed to the current cyber threat landscape. This is not a subject that elderly people talk about as they are not digitally oriented like the younger population.
- The elderly population may still not be comfortable with using online services, e.g., online banking. This is true even though they may have opened active online accounts. Lack of technology savviness means that a scammer may contact them pretending to be an online banking tech and lure them to disclose very sensitive information.
- Rural areas are not a major investment destination for cybersecurity, technology, and telecommunications networks. This means that these areas are generally underserved, and breaches occur without efforts and resources deployed for their mitigation.
- Many find it embarrassing to admit that they have been scammed. It brings shame and fear of perhaps losing control of their independence. They fear that it may be assumed that they were scammed because they are suffering from memory loss and therefore need to be cared for. Some may prefer to be silent victims and maintain their independence than report cases of cybercrimes.
James Opiyo is a Senior Consultant for Security Strategy and has over 15 years of professional experience working for telecom companies.