Are You at Risk of Online Fraud? A Guide to Keeping Seniors Safe Online in 2026

Why Are Seniors Targeted Online?

Older Australians are increasingly targeted by online scammers, not because they are careless, but because scammers know exactly how to exploit trust and routine.

According to ACCC Scamwatch, Australians aged 65 and over lost more than $120 million to scams in 2023. The impact increased further in 2024.

Figures reported to the National Anti-Scam Centre estimate that scams have cost Australians more than $318 billion overall, with over $159 billion of these losses affecting people aged 55 and over. These numbers highlight the significant and ongoing harm scams cause within older Australian communities.

Seniors are often targeted because they may:

• Be less familiar with newer digital platforms or scam techniques
  
• Be more likely to answer unknown calls or open official-looking emails
  
• Have savings, superannuation, or long-held financial accounts
  
• Live alone or experience social isolation
  
  

How Online Scams Work: The Role of Psychology

Scammers are highly strategic about when they make contact. Many target people during periods of vulnerability, such as illness, grief, financial stress, major life changes, or even simple exhaustion. Some victims report being contacted late at night, when they were tired and less able to think clearly, while others were targeted during emotionally overwhelming moments when their focus was elsewhere.

Rather than relying on advanced technology, most online scams use social engineering — a deliberate technique that manipulates emotions and human behaviour. By triggering fear, concern, or responsibility, scammers bypass logic and push people into fast decisions.

Common scam messages often sound familiar and convincing, such as:

• “There’s an issue with your bank account — click here to fix it.”
• “You’re owed a refund from a government department.”
• “Your grandson is in trouble overseas and needs urgent help.”
• “Your account has been suspended — verify your details now.”

The language is designed to feel urgent and personal. The goal is always the same: to rush the recipient into acting before they have time to pause, question the message, or verify the information through trusted channels.

Understanding this emotional manipulation helps shift the focus away from blame and toward awareness, because scams succeed by exploiting human vulnerability, not a lack of intelligence.

According to Scamwatch, phishing remains the most reported scam category in Australia. These scams appear to come from legitimate companies like MyGov, Australia Post, or your bank. These scams attempt to create urgency or fear to push people into acting quickly.

These scams promise guaranteed returns or early access to cryptocurrency profits. According to Scamwatch, losses to investment scams topped $1.5 billion in 2023.

The dark web is a hidden part of the internet where stolen personal data is traded.

This includes:

• Email addresses and login credentials
• Medicare and passport numbers
• Phone numbers and banking details

Your information could remain accessible to scammers years after a breach. That’s why changing passwords and enabling security features matters even if the breach happened a long time ago.

1. Stop immediately. Change your passwords and log out all devices if possible.
2. Don’t click, reply, or pay
3. Contact your bank as soon as possible. Acting quickly gives you the best chance of stopping further losses.
4. Talk to someone you trust (family member, friend, or carer)
5. Contact the organisation directly using a phone number from their official website
6. Report it to Scamwatch or your local consumer authority to help authorities track scam activity and warn others.

No one should be blamed or spoken to harshly for being scammed. If you are treated poorly or made to feel at fault, remember that this behaviour is not acceptable.

You have the right to ask questions, request help, and make a complaint if necessary.

Many older Australians who were scammed were able to recover some or all of their money, most often with help from their bank. Banks helped by identifying unusual activity, stopping transactions, freezing accounts, and in many cases refunding stolen funds. Sometimes the bank noticed the problem first. Other times, the customer contacted the bank after spotting something unusual.

You don’t need to be tech-savvy to protect yourself online — just aware, cautious, and willing to follow a few simple steps. Below are trusted tools and how to use them, step by step.

1. LastPass (Free Password Manager)

What it is:
LastPass is a secure password manager that creates and stores strong passwords for you. You only need to remember one master password, LastPass remembers the rest.

Why it matters:
If you use the same or similar passwords for multiple accounts, a single breach could expose all your logins. LastPass helps keep every account secure.

How to use it:

1. Create Account: Visit LastPass website, sign up with your email, and create a strong master password that you write down and keep safe.
2. Install LastPass: Add the LastPass extension to your computer browser or install the mobile app on your phone or tablet (LastPass Free can only be used on one type of device, either a computer or a mobile phone/tablet, not both at the same time).
3. Save Passwords: When you log into a website, LastPass will ask to save your username and password, click save, or add them later to the vault.
4. Use Autofill: When you return to a saved website, LastPass will automatically fill in your login details so you don’t need to type them.
5. Generate Strong Passwords: Use LastPass’s password generator when creating new accounts to make long, secure passwords you don’t need to remember.
6. Access Your Vault: Sign in to LastPass with your master password to view, edit, or use all your saved passwords in one secure place.

Tip: Write down your master password and store it somewhere safe (not on your device).

2. Reverse Image Search (Google or TinEye)

What it is:
Helps detect fake profile photos, useful for romance scams or suspicious social media contacts.

How to use it on a computer (Google Images):

1. Open your internet browser (Chrome, Edge, Safari, etc.)
2. Go to Google Images (images.google.com)
3. Click the small camera icon in the search bar
4. Choose one of these options:

• Upload an image from your computer
• Drag and drop a photo into the box
• Paste a web address (URL) of the image

   5. Google will show:

• Similar images
• Websites using that picture
• Related information

3. Domain Look-Up – Check If an Email Is Legitimate

What it is:
Scammers use fake email addresses that look almost real. Checking the domain helps identify if it’s trustworthy.

How to do it:

Option A – Google it:

1. Look at the domain (the part after @). Example: @my-bank-alert.com
2. Search the domain in Google using quotes: "my-bank-alert.com"
3. If no official business comes up, it’s likely a scam

Option B – Use a domain lookup tool:

1. Go to https://who.is
2. Enter the domain (e.g. my-bank-alert.com)
3. See:
4. When it was created (recent = suspicious)
5. Who owns it (if available)

4. Have I Been Pwned

What it is:
A website that checks if your email address or phone number was part of a known data breach.

Why it matters:
If your details were leaked in a hack, they could be sold on the dark web and used for fraud.

How to use it:

1. Go to www.haveibeenpwned.com
2. On the homepage, you will see a large search box.
3. Carefully type your email address or mobile phone number (include the country code if asked).
4. Click the button. After a few seconds, you’ll see one of two results:

🟢 Green: No data breach found.
🔴 Red: Your details were in a breach — change your passwords.

What to do if your email shows up:

• Change your password immediately
• Use LastPass to create a new strong one
• Enable two-factor authentication if possible
• Consider signing up for alerts on the site