Phishing Examples Seniors Should Know—And How to Report Them

Your parent forwards you an email: "My account was suspended — I clicked the link and entered my password. Is this okay?"

This is the moment most adult children dread. A phishing attack has succeeded — the credentials are compromised — and the next steps matter enormously. But before getting to reporting and response, it helps to understand what phishing actually looks like in practice, because the examples seniors encounter have become dramatically more convincing over the past two years.

This guide covers both sides: recognizing the specific phishing messages that target older adults most frequently, and then exactly how to report them to the right authorities.

What Phishing Actually Is (and Why It Works on Everyone)

Phishing is the practice of sending a fraudulent message that impersonates a trusted organization — a bank, government agency, or major retailer — to trick someone into handing over login credentials, financial details, or personal information.

The term originally described "fishing" for victims using bait, and the metaphor holds. A phishing email is bait. It does not need to fool everyone — it only needs to fool one person in ten thousand to be worth sending to millions.

Older adults are not more gullible than younger people. They are simply more likely to have accounts worth targeting (savings accounts, Medicare, investment portfolios), and they grew up trusting institutional communications. A letter from the bank was important and required a response. Criminals have built entire industries around exploiting that conditioned trust.

Phishing Examples That Target Seniors Specifically

Example 1: The Medicare "Verification" Email

What it looks like: An email from what appears to be Medicare or the Social Security Administration with the official logo, blue header, and footer text. Subject line: "Action Required: Verify Your Medicare Benefits to Continue Coverage."

What it asks for: Your Medicare Beneficiary Identifier (MBI), date of birth, Social Security number, and sometimes bank account details "for direct deposit of your benefits."

Why it works: The email looks legitimate. Medicare does send emails to beneficiaries. The urgency language ("coverage may be suspended") bypasses critical thinking. Older adults are especially anxious about losing healthcare coverage, which makes them more likely to respond immediately.

The tell: Medicare will never ask you to verify your MBI, SSN, or bank information by clicking a link in an email. If Medicare needs to contact you, they send physical mail or call a number you can verify on medicare.gov.

Example 2: The Amazon Order Confirmation Scam

What it looks like: An email that looks exactly like an Amazon order confirmation: "Your order #302-4857291 for a $349.99 iPad has been placed. If you did not authorize this purchase, click here to cancel."

What it asks for: When the recipient clicks "Cancel," they are taken to a fake Amazon login page that captures their username and password. Some versions then call the victim posing as Amazon support to "help" cancel the order — and request remote access to the computer.

Why it works: Almost every senior with an Amazon account has at some point worried about unauthorized charges. The fake order is designed to create panic. The "cancel here" button feels like the safe, responsible action.

The tell: Go directly to amazon.com (type it into the browser, do not click the link) and check Order History. If the order does not appear there, the email is fraudulent.

Example 3: The Bank "Suspicious Activity" Text

What it looks like: A text message: "Chase Alert: Unusual activity detected on your account. Your card has been temporarily locked. Reply YES to unlock or call 1-855-XXX-XXXX."

What it asks for: Calling the number connects the victim to a fake fraud department that collects account numbers, PINs, and full Social Security numbers to "verify identity."

Why it works: Banks do send real suspicious activity alerts via text. The fraudulent version is nearly identical in formatting. The phone number looks credible. The urgency of a "locked" account causes people to react without verifying.

The tell: Never call the number in a text message. Call the number on the back of your debit or credit card, or go to the bank's website directly. Your real bank will not ask for your full PIN or SSN to unlock your account — they already have that information.

Example 4: The IRS Email (Tax Season Version)

What it looks like: An email from what appears to be IRS.gov stating the recipient owes back taxes and faces "immediate legal action" if they do not pay within 48 hours. Often arrives between January and April during tax season.

What it asks for: Payment via gift cards, cryptocurrency, or wire transfer. Sometimes asks for personal information to "set up a payment plan."

Why it works: The IRS is one of the most feared institutions in America. The threat of legal action creates panic. Seniors on fixed incomes are especially anxious about tax problems.

The tell: The IRS does not initiate contact by email. All legitimate IRS contact begins with a physical letter delivered by the US Postal Service. The IRS will never demand payment by gift card or cryptocurrency. Ever.

Example 5: The Grandchild Emergency Text

What it looks like: A text from an unknown number: "Grandma it's me [grandchild's name], I'm in trouble and using a friend's phone. Please don't tell Mom and Dad. I need $800 for [bail/hospital/car repair] right away. Can you send it through Zelle?"

What it asks for: Immediate money transfer via Zelle, Venmo, or wire.

Why it works: This is technically a form of social engineering rather than email phishing, but it uses the same mechanics — impersonation + urgency + secrecy. With AI voice cloning, some versions now arrive as phone calls that sound like the actual grandchild. The "don't tell Mom and Dad" instruction is designed specifically to prevent the reality-checking that would expose the scam.

The tell: Call the grandchild directly on their known number before doing anything. If they answer, the text was fraudulent. Establish a family code word for exactly this scenario — if anyone calls or texts claiming to be a family member in trouble, they must say the code word to be believed.

How to Recognize Phishing Before Clicking

Across all these examples, a few consistent red flags appear:

Urgency and deadlines. "Your account will be closed in 24 hours." "Respond within 48 hours to avoid legal action." Urgency is manufactured to prevent you from thinking carefully.

Requests to verify information the sender should already have. Your bank knows your account number. Medicare knows your MBI. If they are asking you to "confirm" it, something is wrong.

Links that don't match the organization. Hover over a link (without clicking) to see the actual URL. "Medicare-benefits-update.com" is not Medicare. "amazon-account-security.net" is not Amazon.

Generic greetings. "Dear Valued Customer" instead of your actual name suggests a mass phishing campaign.

Mismatched sender addresses. The display name says "IRS Tax Support" but the actual email address is something like [email protected].

Grammar and formatting errors. Professional fraudsters have improved significantly, but awkward phrasing, inconsistent fonts, or misaligned logos still appear frequently.

How to Report Phishing Emails

Reporting matters for two reasons: it protects your parent by creating a formal record, and it contributes to databases that help block the same messages from reaching other victims.

Report to the FTC

The Federal Trade Commission is the primary US agency that tracks phishing complaints and uses them to pursue enforcement actions.

How to report: ReportFraud.ftc.gov

You can report phishing emails, text messages, and phone calls. The FTC uses these reports to identify patterns, issue consumer alerts, and initiate investigations against phishing operations.

Forward the Phishing Email to the Anti-Phishing Working Group

The APWG is a global coalition of financial institutions, law enforcement, and technology companies that maintains one of the largest phishing databases in the world.

How to report: Forward the phishing email directly to [email protected]

This is a one-step action that takes thirty seconds and contributes directly to take-down requests for fraudulent websites.

Report to the Impersonated Organization

If the phishing email impersonates a specific company or agency, report it to them directly.

• IRS: [email protected] (forward the email as an attachment)
• Social Security Administration: oig.ssa.gov/report
• Medicare: 1-800-MEDICARE or medicare.gov/forms-help-and-resources/report-fraud-and-abuse
• Amazon: [email protected]
• Your parent's bank: Use the "Report Phishing" link in your bank's security center, or call the number on the back of the card

Report to the FBI's IC3

If financial loss has occurred as a result of phishing, file a complaint with the FBI's Internet Crime Complaint Center.

How to report: ic3.gov

IC3 complaints are reviewed by FBI analysts and can trigger federal investigations. More importantly, filing creates an official record that supports bank fraud disputes and insurance claims.

Report to the Email Provider

If the phishing email arrived in Gmail, use the three-dot menu next to the email and select "Report phishing." This feeds Google's spam filters and helps protect other Gmail users.

In Outlook or Hotmail, use the "Report" button and select "Report phishing." In Apple Mail, drag the email to the Junk folder, which trains the filter.

What to Do If Your Parent Already Clicked

Speed is critical. If your parent clicked a link and entered credentials:

1. Change the compromised password immediately on the actual website (go there directly, not through the phishing link). Do this from a different device if possible.

2. Change the password on any other accounts where the same password was used — which is why password reuse is so dangerous.

3. Enable two-factor authentication on the compromised account if it was not already active.

4. Check for unauthorized activity. Log into the account and review recent login history, sent messages, and any account changes.

5. Contact the bank if any financial account was involved. Use the number on the back of the card, not any number from the phishing email.

6. Run a malware scan if any software was downloaded. Malwarebytes (free version) is effective for this.

7. File a report with the FTC at ReportFraud.ftc.gov to create a formal record.

Phishing is one of approximately a dozen scam types that specifically target older adults — and each type has its own mechanics, warning signs, and response steps. The Elder Scam Shield guide covers all of them in a single reference document, including phone-specific scripts your parent can use to shut down a scam call in under thirty seconds. If you want the complete system, it's available here.