Online Scam Myths Costing Older Adults Billions in 2025

The Billion-Dollar Problem Hiding Behind Outdated Beliefs

Here’s a number that should stop you cold: Americans over 60 lost $4.8 billion to online fraud in 2024, according to the FBI’s Internet Crime Complaint Center. That’s a 43% jump from the year before. And the real figure is almost certainly higher, because the FBI estimates only about 20% of victims ever report the crime.

In my 12 years covering consumer technology, I’ve watched online scam myths become almost as dangerous as the scams themselves. These myths create a false sense of security—or a false sense of helplessness—that leaves people exposed. I hear them repeated at every tech workshop I attend, in every reader email I open, and even from otherwise sharp, internet-savvy adults.

The truth is that scammers have evolved dramatically. The defenses most people rely on are outdated by years. Let me walk you through the most damaging misconceptions I encounter and what the evidence actually says, so you can protect yourself and the people you care about.

Myth: “I’d Recognize a Scam Immediately—They’re Obvious”

This is the single most dangerous online scam myth I encounter. A decade ago, phishing emails were riddled with typos, bizarre formatting, and laughably fake logos. That era is over.

Today’s scam messages are generated using AI tools that produce flawless grammar, pixel-perfect brand logos, and personalized details pulled from data breaches. The FTC’s consumer advisory division reported in early 2025 that AI-generated phishing emails now fool even trained cybersecurity professionals in controlled tests roughly 25% of the time.

What Modern Scams Actually Look Like

Forget the Nigerian prince. Here’s what I see flooding inboxes and phones right now:

• Fake Medicare renewal notices that arrive via text and direct you to a clone of the official Medicare.gov website, complete with a working search bar and realistic navigation.
• “Fraud alert” calls spoofing your bank’s real phone number, where a calm, professional voice walks you through “securing your account” by moving money to a “safe” account the scammer controls.
• Package delivery texts from what appears to be USPS or UPS, containing a tracking link that installs malware or harvests login credentials.
• Investment pitches on social media using deepfake video of real financial commentators endorsing a cryptocurrency or stock.

The sophistication is staggering. If your entire defense strategy rests on “I’ll just spot the red flags,” you’re relying on a shield full of holes. The better approach is to verify independently—hang up and call the institution directly, navigate to websites by typing the URL yourself, and never click links in unexpected messages.

Myth: “Only People Who Aren’t Tech-Savvy Get Scammed”

This belief does real harm because it keeps victims silent. I often tell my readers: shame is the scammer’s best friend. When someone believes that only “gullible” people fall for fraud, they’re far less likely to report it, warn others, or even admit it to family members who might help them recover losses.

The data tells a very different story. A 2024 AARP study found that adults who described themselves as highly confident with technology were actually more likely to have lost money to an online scam than those who rated themselves as beginners. The reason? Overconfidence leads to faster clicking, less verification, and a dangerous assumption that “I would know.”

We’ve previously explored tech myths older adults still believe that hold them back, and this one consistently tops the list. Scammers don’t discriminate by skill level. They exploit emotions—urgency, fear, excitement, loneliness—and emotions don’t care how many apps you know how to use.

Myth: “My Bank Will Always Refund Me If I’m Scammed”

This misconception has cost retirees tens of thousands of dollars individually. The reality is nuanced and, frankly, not in your favor in many common scenarios.

If a thief steals your credit card number and makes unauthorized purchases, yes—federal law limits your liability to $50 under the Fair Credit Billing Act, and most banks waive even that. But here’s the critical distinction: if you authorized the transfer—even if you were manipulated or deceived into doing so—banks are under no legal obligation to refund the money.

The “Authorized Transfer” Trap

Scammers know this loophole intimately. That’s why the most profitable modern scams are designed to get you to move the money yourself:

• Wiring funds to a “safe account” during a fake fraud alert call.
• Buying gift cards and reading the codes to a “government agent” claiming you owe back taxes.
• Sending money via Zelle, Venmo, or CashApp to someone posing as a grandchild in trouble.

In 2024, the median individual loss for Americans over 60 who reported fraud to the FBI was $9,300. For those targeted by romance scams, it was over $50,000. These are retirement savings, and in many cases, they’re gone permanently.

If you’re already managing a tight retirement budget, a major scam loss can be devastating—especially combined with the kinds of Medicare premium myths quietly shrinking your Social Security check.

Myth: “I Don’t Need to Worry—I Don’t Do Much Online”

I hear this one constantly, and it reflects a fundamental misunderstanding of how modern scams work. You don’t have to be browsing the web for scammers to find you. They come to you—through phone calls, text messages, postal mail with QR codes, and even knocks on your front door from people claiming to be utility workers.

In fact, phone-based scams (calls and texts) accounted for the largest share of fraud losses among older adults in 2024, according to FTC complaint data. You don’t need a Facebook account or an Amazon login to receive a spoofed call from “Social Security” or a text about a “suspicious charge.”

The Offline-Online Blur

What I see most often is a blended attack. A scammer might send a legitimate-looking letter in the mail with a QR code that directs your phone to a malicious website. Or they’ll call pretending to be from your doctor’s office, asking you to “confirm” your insurance information. The Cybersecurity and Infrastructure Security Agency (CISA) has issued multiple alerts about QR code scams appearing on parking meters, restaurant menus, and even fake utility shutoff notices taped to doors.

The bottom line: minimal internet use does not equal minimal risk. Everyone with a phone number or a mailing address is a potential target.

Myth: “Antivirus Software Protects Me From Everything”

Antivirus software is genuinely useful. I recommend it. But believing it makes you invincible is like thinking a seatbelt means you don’t need to watch the road.

Modern antivirus tools are excellent at catching known malware—viruses, trojans, and ransomware that have already been identified and cataloged. But the majority of scams targeting older adults in 2025 don’t rely on malware at all. They rely on social engineering: tricking a human being into taking an action.

No antivirus program on earth will stop you from:

• Giving your Social Security number to a convincing caller.
• Wiring money to a fake investment platform.
• Entering your bank login on a perfectly cloned phishing site you navigated to voluntarily.
• Buying $5,000 in gift cards because someone posing as the IRS told you to.

Security software is one layer of protection. It needs to be paired with behavioral habits—pausing before acting on any urgent request, verifying identities through independent channels, and never sharing passwords, PINs, or one-time verification codes with anyone who contacts you.

Myth: “If the Caller ID Shows a Legitimate Number, It’s Real”

Caller ID spoofing has been cheap and easy for criminals for years, yet this myth persists stubbornly. Scammers can make any number appear on your screen—your bank, the IRS, your local police department, even your own phone number.

The technology behind this is called VoIP (Voice over Internet Protocol) spoofing, and services that enable it cost pennies per call. The FCC has been working on the STIR/SHAKEN framework to authenticate caller identity, but implementation remains incomplete, and scammers adapt quickly.

My rule of thumb, which I share in every workshop: Never trust inbound contact. If someone calls claiming to be from your bank, Medicare, the SSA, or any institution, hang up politely and call the number printed on your card, your statement, or the official website. Legitimate organizations will never penalize you for verifying their identity.

Myth: “Scammers Only Go After Rich People”

This is flatly wrong, and it’s one of the online scam myths that leaves lower- and middle-income retirees particularly unguarded. Scammers cast wide nets. They send millions of phishing emails and robocalls because the cost per attempt is essentially zero. They don’t know your bank balance when they contact you—and frankly, they don’t care.

Gift card scams—where victims are told to buy prepaid cards and read the codes over the phone—frequently target people for amounts as low as $200 to $500. Romance scams often start with small “loans” before escalating. Tech support scams, where a pop-up claims your computer is infected and you need to call a number immediately, typically extract $200 to $1,000 per victim.

AARP’s technology resource center has documented that scammers increasingly target people receiving fixed incomes precisely because those victims are less likely to have sophisticated financial monitoring and more likely to panic at the thought of losing limited funds. The emotional pressure on someone living on Social Security is a feature of the scam, not a bug.

Understanding your financial vulnerabilities is crucial, which is why we’ve also covered the online scam myths older adults still believe in 2025—because awareness is the first real line of defense.

What Actually Works: Building Real Defenses

After years of reporting on these crimes and interviewing both victims and fraud investigators, I can tell you that effective protection isn’t about one magic tool. It’s about layered habits that become second nature.

Slow Down Every Transaction

Scammers manufacture urgency. “Your account will be closed in 24 hours.” “Your grandson needs bail money right now.” “This deal expires today.” The single most effective defense is pausing. Sleep on any financial decision prompted by an unexpected contact. Real emergencies can wait 15 minutes while you verify.

Use a Password Manager

Reusing passwords across sites is the digital equivalent of using the same key for your house, car, and safe deposit box. A password manager like Bitwarden (free) or 1Password generates and stores unique, complex passwords for every account. If one site gets breached, nothing else is compromised.

Enable Two-Factor Authentication (2FA)

Turn on 2FA for every account that offers it—especially email, banking, and social media. This means even if someone steals your password, they can’t log in without a second verification code sent to your phone or generated by an authenticator app.

Talk About It

The most underrated scam defense is conversation. Tell a family member, friend, or neighbor before you send money to anyone for any reason prompted by an unexpected contact. Scammers isolate their victims deliberately. Breaking that isolation breaks their power.

The Bottom Line: Myths Are the Real Vulnerability

Technology isn’t the enemy here. In fact, the same tech that scammers exploit—smartphones, email, online banking—also gives you powerful tools to protect yourself, stay connected, and live independently. The danger isn’t in using technology. It’s in carrying around outdated beliefs about how fraud works in 2025.

Every online scam myth I’ve debunked in this article has a real cost—measured in billions of dollars, shattered trust, and diminished independence. The good news is that awareness is genuinely protective. Studies consistently show that people who have been educated about current scam tactics are significantly less likely to fall victim.

You don’t need to become a cybersecurity expert. You just need to replace old assumptions with current knowledge, build a few solid habits, and refuse to be rushed. That’s a defense no scammer can hack.