Deceptive emails, or “phishing” messages, can have significant consequences for anyone who falls for this type of attack. A new study investigated how age may be a factor in discerning whether an email is genuine or a phishing attempt.
Phishing emails attempt to deceive the recipient into downloading malicious software or providing personal information. In this study, 65 adults age 50 and better (average 69 years), completed the Phishing Email Suspicion Test. For this test, participants were presented with an inbox-like program that showed real phishing and genuine messages that had been sent in the past. Simulated emails of either type were also mixed into the inbox. Participants spent about an hour reviewing 120 emails, drawn from a pool of 348 total messages, and rated how safe or suspicious they found each one. Only participants who passed a cognitive screener with no impairments were included in the study.
The researchers found that older age was indeed associated with lower accuracy in identifying phishing emails (either real or simulated), compared to real genuine emails. Older participants did not find emails to be any safer overall than middle-age older adults; they were just less likely to discern the difference between phishing and genuine emails. This ultimately meant that older adults were not only more likely to rate phishing emails as safe, but also tended to be unnecessarily suspicious of genuine emails.
While this study only examined perceived suspiciousness of emails, not real click behavior, it was a good indicator of one reason older adults may be more vulnerable to phishing attempts. The setup of the study was also a good simulation of a real-world situation. However, the emails themselves, even the genuine ones, were not necessarily relevant for participants (i.e., not emails that participants personally received), which could be one reason older participants were overly suspicious of genuine emails. Future research will be needed to uncover why older adults would be less accurate in determining real vs. fake messages and whether training/education would be helpful for this demographic.
Want to keep up with recent research that’s relevant to aging services? Use the form below to subscribe to our monthly InvestigAge email.
Grilli, M. D., McVeigh, K. S., Hakim, Z. M., Wank, A. A., Getz, S. J., Levin, B. E., Ebner, N.C.. & Wilson, R. C. (2021). Is this phishing? Older age is associated with greater difficulty discriminating between safe and malicious emails. The Journals of Gerontology: Series B, 76(9), 1711-1715. https://doi.org/10.1093/geronb/gbaa228