Email scams have become one of the fastest ways scammers steal money from older adults. A single click can expose bank accounts, personal data and retirement savings built over a lifetime. That growing risk is what prompted Bob to write to us with a question many families are now facing:

“My friend’s father is 95 and absolutely lives through his phone/laptop. He refuses to give up either and often clicks on email links. A few years ago, he got caught up in a gift card scam that almost cost him his life savings. It’s not taking away the car keys anymore; it is taking away the email and access to online banking! What do you recommend that his daughter do to protect his online presence?”

Bob is right. For many seniors, email and online banking have replaced car keys as the most dangerous access point. The goal is not to take devices away. It is to quietly put guardrails in place so one bad click does not turn into a financial disaster.

Here is a practical plan families can actually use.

HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

 1) Separate money from daily email use

Start by limiting how much damage a single click can cause. If possible, remove online banking access from the devices used for email. When that is not realistic, open a second checking account with only everyday spending money and link it to a debit card for routine purchases.

Keep primary savings accounts offline or set to view-only access. If available, require in-branch or phone verification for transfers above a set amount. This way, even if credentials are compromised, the largest accounts remain protected. 

2) Lock down email to stop scams targeting seniors

Email is the number one entry point for scams targeting seniors. Strong filtering matters. Use an email provider with advanced spam protection, such as Gmail or Outlook.com. In the email settings:

• Turn off automatic image loading
• Disable link previews
• Block or auto-quarantine attachments from unknown senders
• Automatically move messages from unknown senders to a Review folder

If available, enable warnings for emails that use familiar display names but come from unfamiliar addresses. This helps stop impersonation scams that pretend to be family, banks or service providers. These steps slow scammers down and reduce impulse clicks before damage happens.

Email is dominant, but voicemail and callback scams are also growing fast among seniors, often as a follow-up to phishing emails. If possible, silence unknown callers and block voicemail-to-email transcription for unfamiliar numbers, since many scams now start with urgent callback messages rather than links.

3) Add a trusted second set of eyes

Next, add safety nets that notify family members when something looks wrong. Enable banking alerts for large withdrawals, new payees, password changes, unusual logins and new device sign-ins. Add his daughter as a trusted contact wherever the bank allows it. If available, enable delays or approval requirements for first-time transfers to new payees. This creates a cooling period that can stop scam-driven transactions. For email accounts, set up a recovery contact so that his daughter is notified immediately if someone attempts to access or reset the account.

Enable two-factor authentication (2FA) on email and banking accounts, but pair it with device and transfer alerts, since many scams now succeed even when 2FA is enabled.

4) Harden devices so clicks do not equal catastrophe

Devices should be set up to fail safely. Keep operating systems and browsers updated. Make sure the laptop uses a standard user account instead of an administrator account. This prevents software from installing without approval. Install real-time protection that blocks scam sites before they load. Strong antivirus software helps block malicious links and fake login pages automatically.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Use a password manager to block fake logins

Password reuse makes scams far more dangerous. Fake pop-ups and lookalike websites are designed to trick people into typing usernames and passwords by hand. A password manager removes that risk by storing credentials securely and autofilling them only on legitimate websites. If a page is fake or malicious, the password manager will not fill anything. That simple refusal often prevents account takeovers before they start. Password managers also reduce frustration by eliminating the need to remember or reuse passwords across email, banking and shopping accounts. When set up correctly, this protection works quietly in the background on both phones and laptops.

Many phishing scams no longer rely on obvious fake emails. They rely on realistic login pages. Autofill protection is one of the most effective ways to stop these attacks without changing daily habits.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

MALICIOUS CHROME EXTENSIONS CAUGHT STEALING SENSITIVE DATA

6) Freeze credit and monitor identity exposure

If scammers already have personal information, prevention alone is not enough. Freeze credit with Experian, TransUnion and Equifax to prevent new accounts from being opened. Also, place freezes with ChexSystems and the National Consumer Telecom and Utilities Exchange to stop criminals from opening bank accounts, phone lines, or utility services in his name.

If possible, request an IRS Identity Protection PIN to prevent tax-related identity theft.

Add ongoing identity monitoring so suspicious activity triggers alerts quickly. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

7) Set clear rules around scams and payments

Technology helps, but expectations matter. Have one calm conversation and agree on simple rules:

• No gift cards for urgent emails or texts
• No sending money through unfamiliar apps or cryptocurrency
• Always call a trusted family member before acting on urgency

Post these rules near the computer or phone. Visual reminders reduce panic decisions. Also, before setting rules, choose one primary trusted contact. Multiple helpers can slow response during urgent scams and create confusion when fast decisions matter. That person should be the default call for anything urgent involving money, account access, or unexpected requests.

8) Reduce exposure with a data removal service

Scammers often find seniors by pulling personal details from public data broker websites. These sites publish phone numbers, addresses, relatives and age information that make targeting easier. A data removal service works behind the scenes to opt seniors out of these databases and reduce how much personal information is publicly available online. Fewer exposed details means fewer scam calls, fewer phishing emails and fewer impersonation attempts. This step does not stop every scam, but it significantly lowers how often seniors are targeted in the first place.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

9) Use senior-friendly monitoring tools the right way

Many tools designed for child safety also work well for seniors when used thoughtfully. When configured correctly, they add protection without interfering with daily routines.

Below are device-specific steps families can use today.

iPhone and iPad

Apple’s built-in Screen Time tools provide strong protection without installing extra apps.

What to set up:

• Open Settings and tap Screen Time
• Turn on Screen Time for the device
• Tap Content & Privacy Restrictions and turn it on
• Under App Store Purchases, set app installs to Don’t Allow
• Tap Web Content and limit access to approved or safe websites
• Set a Screen Time passcode known only to the caregiver

If the caregiver wants remote visibility or control, add the device to Family Sharing and manage Screen Time from the caregiver’s Apple ID.

BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK

Why this helps: It blocks many scam sites, prevents accidental app installs and stops fake update prompts from causing damage.

Android phones and tablets

Android offers built-in protections and optional supervised controls.

What to set up:

Settings may vary depending on your Android phone’s manufacturer

• Open Settings and go to Digital Wellbeing & parental controls
• Turn on parental controls for the device
• Restrict app installs and require approval for new downloads
• Enable Safe Browsing and website filtering
• Turn on alerts for new app installs and account changes

For families who want shared oversight, Google Family Link can be used to supervise app installs and receive alerts, as long as both parties agree.

Why this helps: Many Android scams rely on fake app installs. These settings block that path.

Windows computers

Windows protection works best when user accounts are set correctly.

What to set up:

• Create a standard user account for daily use
• Keep the caregiver account as the only administrator
• Turn on Microsoft Family Safety if available
• Enable SmartScreen and browser phishing protection
• Block software installs without administrator approval

Why this helps: Malware often installs silently on admin accounts. This setup prevents that.

Mac computers

macOS includes built-in controls similar to those on iPhone and iPad.

What to set up:

• Create a standard user account for the senior
• Limit administrator access to a trusted caregiver
• Open System Settings and enable Screen Time
• Restrict app installs and system changes
• Keep built-in malware and phishing protections enabled

Why this helps: It prevents fake software updates and malicious downloads from installing.

10) Best practices for all devices

• Use alert-only or limited-control settings whenever possible
• Review settings together so expectations are clear
• Avoid tools that feel invasive or confusing
• Focus on blocking harm, not monitoring behavior

This is not about spying. It is about adding digital seatbelts while preserving independence. When used respectfully, these tools reduce risk without changing daily habits.

Pro Tip: Use a secure email service for added privacy

For families looking to go a step further, switching to a secure email service can significantly reduce scam exposure. Privacy-focused email providers are designed to limit tracking, block hidden tracking pixels, and reduce how much data advertisers or scammers can collect from inbox activity. Many secure email services also offer disposable or alias email addresses for one-time signups. If an alias starts receiving spam or scam messages, it can be disabled without affecting the main email account. This makes it easier to keep a primary email address private and limit long-term exposure. Secure email platforms typically include features like encrypted messages, no advertising and stronger privacy controls. While switching email providers is optional, it can be a useful upgrade for seniors who receive large volumes of spam or have been repeatedly targeted by scams.

Why it matters: Less tracking means fewer scam attempts. Aliases reduce how often personal email addresses are exposed, without changing daily habits.

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Protecting seniors online is not about control. It is about prevention. Email scams are designed to exploit trust and urgency, especially in people who did not grow up with digital threats. Smart guardrails protect independence while preventing irreversible mistakes. If email and banking are today’s car keys, families need modern safety features to go with them.

If your parent clicked a scam email right now, would you know before the money was gone? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

In 2023, what was then still called Twitter, open-sourced at least portions of the code that decided what it served up in your feed. But that GitHub repository is hopelessly out of date, with the vast majority of the files appearing to be from the initial upload three years ago. Elon Musk says that in seven days, he will open-source X’s new algorithm and finally give people a peek behind the curtain and possibly a technical explanation as to why your feed is 90 percent rage bait.

Elon has always made promises to open-source parts of X, and has followed through to at least some degree, including Grok-1 in 2024. But xAI is now on Grok-3, and the Grok GitHub repository hasn’t been updated in two years. The timing of the announcement open-sourcing the X algorithm is also likely to be met with some suspicion, as Musk is fending off criticism from across the globe and the political spectrum regarding Grok’s willingness to make deepfake nudes.

Musk says this release of the X algorithm will include “all code used to determine what organic and advertising posts are recommended to users.” He also says this will be just the first, with updates coming every four weeks, and that those will include developer notes highlighting any changes. Of course, considering how things played out in 2023, you’ll have to forgive us for taking that promise with a grain of salt.

When a healthcare data breach is first disclosed, the number of people affected is often far lower than the final tally. That figure frequently climbs as investigations continue. 

That’s exactly what happened with Andover, Massachusetts-based Covenant Health. The Catholic healthcare provider has confirmed a cyberattack discovered last May may have affected nearly 500,000 patients, a sharp increase from the fewer than 8,000 people it initially reported earlier this year. 

A ransomware group later claimed responsibility for the incident, though Covenant Health has not publicly confirmed the use of ransomware. The attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

UNIVERSITY OF PHOENIX DATA BREACH HITS 3.5M PEOPLE

What happened in the Covenant Health breach

Covenant Health says it detected unusual activity in its IT environment May 26, 2025. A later investigation revealed that an attacker had actually gained access eight days earlier, on May 18, and was able to access patient data during that window.

In July, Covenant Health told regulators that the breach affected 7,864 individuals. After completing what it describes as extensive data analysis, the organization now says that up to 478,188 individuals may have been affected.

Covenant Health operates hospitals, nursing and rehabilitation centers, assisted living residences and elder care organizations across New England and parts of Pennsylvania. That wide footprint means the breach potentially touched patients across multiple states and care settings.

In late June, the Qilin ransomware group claimed responsibility for the attack, Bleeping Computer reported. The group alleged it stole 852 GB of data, totaling nearly 1.35 million files. Covenant Health has not confirmed those figures, but it did acknowledge that patient information was accessed.

According to the organization, the exposed data may have included names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details and treatment information such as diagnoses, dates of treatment and types of care received.

700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS

What Covenant Health is telling patients

In a notice sent to regulators and patients, Covenant Health says it engaged third-party forensic specialists to investigate the incident and determine what data was involved. The organization says its data analysis is ongoing as it continues identifying individuals whose information may have been involved.

Then there are the familiar statements every company makes after a breach, claiming they’ve strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health says it has also set up a dedicated toll-free call center to handle questions related to the breach.

Beginning Dec. 31, 2025, the organization started mailing notification letters to patients whose information may have been compromised. For individuals whose Social Security numbers may have been involved, Covenant Health is offering complimentary credit monitoring and identity theft protection services.

We reached out to Covenant Health, and the company confirmed the expanded scope of the incident and outlined steps being taken to notify patients and enhance security safeguards.

DATA BREACH EXPOSES 400K BANK CUSTOMERS’ INFO

7 steps you can take to protect yourself after the Covenant Health breach

If you received a notice from Covenant Health, or if your data has been exposed in any healthcare breach, these steps can help reduce the risk of misuse.

1) Enroll in the free identity protection offered

If the organization offers you credit monitoring or identity protection, take it. These services can alert you to suspicious activity tied to your Social Security number, credit file or identity details before real damage is done. If you’re not offered one and want to be on the safer side, you might consider getting one yourself.

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

2) Monitor medical and insurance statements closely

Medical identity theft often shows up quietly. Review an explanation of benefits (EOBs), insurance claims and billing statements for services you don’t recognize. If something looks off, report it to your insurer immediately.

3) Place a fraud alert or credit freeze

A fraud alert tells lenders to take extra steps to verify your identity before approving credit. A credit freeze goes further by blocking new accounts entirely unless you lift it. If Social Security numbers were exposed, a freeze is usually the safer option.

To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

4) Use a password manager

Healthcare breaches often lead to credential-stuffing attacks elsewhere. A password manager ensures every account uses a unique password, so one exposed dataset can’t unlock everything else. It also makes it easier to update passwords quickly after a breach.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

5) Be cautious of phishing scams and use strong antivirus software

Breaches are frequently followed by phishing emails, texts or calls that reference the incident to sound legitimate. Attackers may pose as the healthcare provider, an insurer or a credit bureau. Don’t click links or share information unless you verify the source independently.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Consider a personal data removal service

Once your data leaks, it often spreads across data broker sites. Personal data removal services help reduce your digital footprint by requesting takedowns from these databases. While they can’t erase everything, they lower your exposure and make targeted fraud harder.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Review your credit reports regularly

You’re entitled to free credit reports from all major bureaus. Check them for unfamiliar accounts, hard inquiries or address changes. Catching fraud early makes it far easier to contain.

Kurt’s key takeaway

Healthcare organizations remain prime targets for cybercriminal groups because of the volume and sensitivity of the data they store. Medical records contain a mix of personal, financial and health information that is difficult to change once exposed. Unlike a password, you cannot reset a diagnosis or treatment history. This breach also shows how early disclosures often underestimate impact. Large healthcare networks rely on complex systems and third-party vendors, which can slow forensic analysis in the early stages. As investigations continue, the number of affected individuals often climbs.

Do you think healthcare organizations do enough to protect user data? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.