Internet Safety for Seniors: The Essential Guide for Adult Children

Your parent got a smartphone three years ago. They figured out Facebook. They started shopping on Amazon. They learned to use Google. And now they're exposed to an entire universe of online threats that didn't exist when they were using a landline and paying bills by check.

Internet safety for seniors isn't about teaching your parents to be cybersecurity experts. It's about configuring their devices, adjusting a handful of settings, and establishing a few simple rules that keep them safe without requiring them to understand how phishing works at a technical level.

This guide walks you through the essentials — the settings to change, the habits to build, and the conversations to have.

Email: the biggest online threat for seniors

Email is the primary channel for phishing attacks targeting seniors. The scams range from crude ("You've won a $1,000 Walmart gift card! Click here!") to sophisticated (a pixel-perfect replica of their bank's login page, complete with their name and account type).

Settings to configure

Spam filter: Make sure your parent's email spam filter is active. In Gmail, it's on by default. In Outlook, go to Settings > Junk email and set the protection level to "Standard" or "Exclusive" (exclusive only allows mail from contacts).

Image loading: Disable automatic image loading in emails. This prevents tracking pixels that tell scammers the email was opened (confirming the address is active). In Gmail: Settings > General > Images > "Ask before displaying external images."

Preview pane: Show your parent how to hover over links without clicking to see the actual URL. The link text might say "Chase Bank" but the URL is something like "chase-secure-login-update.fakescamsite.com." If the URL doesn't match the real company's website, it's a scam.

Rules to establish

The "never click" rule: If an email asks your parent to click a link to "verify their account," "claim a prize," or "update payment information," they should never click the link in the email. Instead, they should open a new browser tab, type the company's actual website address, and log in directly. This one rule defeats the vast majority of phishing attacks.

The "call the company" rule: If an email claims there's a problem with their bank account, insurance, or subscription, they should call the company using the phone number on the back of their card or on their paper statement — never the number in the email. Scammers include fake customer service numbers in phishing emails specifically to intercept these calls.

Social media: what to lock down

Facebook is where most seniors spend their online time, and it's also where scammers harvest personal information to make their attacks more convincing. A scammer who knows your mother's hometown, her late husband's name, her grandchildren's names, and where she goes to church can craft a phishing message that feels deeply personal.

Privacy settings to change

Profile visibility: Go to Settings > Privacy and set "Who can see your future posts?" to "Friends." Do the same for "Who can see your friends list?" — scammers use friends lists to identify targets and impersonators.

Friend requests: Set "Who can send you friend requests?" to "Friends of Friends" at minimum. Scammers create fake profiles and send requests to seniors who accept everyone.

Personal details: Remove or hide sensitive information from the profile — birthdate (especially the year), phone number, email address, and home address. This information is used for identity theft and targeted scam calls.

Tagging: Set "Review tags people add to your posts before the tags appear" to On. This prevents scammers from tagging your parent in spam posts.

Habits to build

Don't accept friend requests from strangers. This sounds obvious, but many seniors accept every request because they think it's rude not to. If they don't recognize the person, they shouldn't accept.

Never respond to messages asking for money. Even if the message appears to come from a friend, the friend's account may have been hacked. If a "friend" on Facebook asks for money, call the friend on the phone to verify.

Be cautious with quizzes and games. "What was your first car?" and "What street did you grow up on?" quizzes are designed to harvest answers to common security questions. They look fun and harmless, but the data goes straight to scammers.

Safe browsing: protecting against pop-up and tech support scams

One of the most common scams targeting seniors starts with a web browser pop-up: a loud alarm, a flashing screen, and a message claiming "YOUR COMPUTER IS INFECTED! CALL MICROSOFT IMMEDIATELY AT 1-800-XXX-XXXX." The number connects to a scam call center where the "technician" convinces the senior to install remote access software and hand over their credit card.

Defenses to set up

Ad blocker: Install uBlock Origin (free, available for Chrome, Firefox, Edge, and Safari). It blocks malicious ads and pop-ups that trigger fake virus warnings. This single extension eliminates the majority of tech support scam entry points.

Pop-up blocker: Make sure the browser's built-in pop-up blocker is enabled. In Chrome: Settings > Privacy and security > Site settings > Pop-ups and redirects > toggle to "Don't allow."

Auto-update: Ensure the browser updates automatically. Outdated browsers have security vulnerabilities that scammers exploit to inject malicious pop-ups.

The "just close it" rule

Teach your parent one rule for scary pop-ups: close the browser. Don't call the number. Don't click any buttons on the pop-up (even "Close" buttons — they're often fake). Just close the entire browser window.

If the pop-up won't let them close the browser:

• On a computer: Press Ctrl+W (Windows) or Cmd+W (Mac) to close the tab, or Alt+F4 (Windows) or Cmd+Q (Mac) to force-quit the browser entirely
• On a phone or tablet: Swipe the browser app away from the recent apps screen

The "virus" isn't real. The pop-up is a scare tactic. Closing the browser makes it disappear permanently.

Online shopping: buying safely

Many seniors now shop online regularly, which is generally safe on major platforms like Amazon. The risks come from unfamiliar websites, marketplace sellers, and deals that seem too good to be true.

Rules for safe online shopping

Stick to known retailers. Amazon, Walmart, Target, and other major retailers have buyer protection programs. Unfamiliar websites — especially those advertised through Facebook or Instagram ads — are frequently scams that take payment and never ship the product.

Use a credit card, not a debit card. Credit cards offer fraud protection and allow charges to be disputed. Debit cards pull money directly from the bank account, and recovery is much harder.

Never pay by wire transfer or gift card. No legitimate retailer accepts payment via wire transfer, gift cards, or cryptocurrency. If a "seller" requests these payment methods, it's a scam.

Check the URL. Before entering payment information, make sure the website address starts with "https://" (the "s" means the connection is encrypted) and that the domain name is correct. Scammers create sites like "amaz0n-deals.com" to mimic real retailers.

Password basics

Poor password practices are one of the biggest security vulnerabilities for seniors. Many use the same password for every account, choose something guessable (a grandchild's name, a birthday), and write it on a sticky note attached to the monitor.

The minimum viable password strategy:

• Use a different password for email and banking than for everything else. If a shopping site gets hacked, you don't want the same password opening the bank account.
• Make passwords at least 12 characters long. A passphrase like "RedBicycleParkBench" is both stronger and easier to remember than "P@ssw0rd123."
• If your parent is willing, set up a password manager like 1Password or Bitwarden. If they're not (and many seniors resist), write passwords in a physical notebook kept in a secure location — not on sticky notes visible to visitors.

For a deeper dive into password management for families, see our guide on Password Management for Families.

The 15-minute internet safety setup

Here's a checklist you can run through the next time you visit your parent:

• [ ] Check that email spam filtering is on
• [ ] Disable automatic image loading in email
• [ ] Show them how to hover over links to check URLs
• [ ] Lock down Facebook privacy settings
• [ ] Install uBlock Origin on their browser
• [ ] Enable pop-up blocking in browser settings
• [ ] Make sure the browser and operating system auto-update
• [ ] Check that they're using a credit card (not debit) for online shopping
• [ ] Review their passwords and update any that are weak or reused

Internet safety is part of a bigger picture

Setting up your parent's devices is important, but it's only one layer of protection. Scammers are adaptive — when one channel gets blocked, they switch to another. The senior who's protected from phishing emails may still be vulnerable to a phone call from a fake "bank investigator" or a text message claiming to be from a grandchild.

The Elder Scam Shield guide provides a complete protection system that covers every channel — phone, email, text, and in-person. It includes the Refrigerator Defense Sheet (a printable, large-print page for seniors to keep by the phone), word-for-word scripts for ending scam calls, a family code word protocol, and a tech lockdown checklist. Everything is designed for seniors who aren't comfortable with technology. $14, instant download.

For help protecting your parents from phone scams specifically, see How to Protect Elderly Parents from Scams.