Windsor Wealth Management LLC

Investment service in Topsfield, Massachusetts

Scams and Fraud

Today’s New Reality: Spotting Scams

by

It’s never our intent to alarm you. Instead, our goal today is to keep you informed.

Our new reality is that you must be skeptical of every call, email or text you receive.

Why?

Because 73% of surveyed U.S. adults have experienced some kind of online scam or attack. What’s more, most get scam calls, texts and emails at least weekly, according to a Pew Research Center study.1

For Example:

The following text message is a social engineering scam.

The scammer sends a vague message from an unknown number to see if the recipient will engage. A response confirms the number is active, and the scammer then tries to gain your trust and, eventually, your money.

Social Engineering Text Scam Example
Called “smishing” a blend of SMS and phishing

In today’s post, we:

  • Explain scams that frequently impact adults aged 60 and older. (See our Scam Awareness handout below.)
  • Describe how scammers use text messages and social engineering—the psychological manipulation of people—to get you to divulge confidential information or take specific actions.
  • Suggest steps to help protect yourself from scams, including creating a safe word.

Let’s start with some background information:

According to the Pew Research Center study, the most common scam attacks are:

Credit/Debit Card Fraud (48%): Online hackers stealing credit or debit card information and making fraudulent charges.

Online Shopping Scams (36%): Buying an item online that was either counterfeit, never arrived or for which a refund was never received.

Account Takeovers (29%): A personal online account being accessed or taken over without permission.

Phishing Scams (24%): Scammers using an email, text message or call to trick people into giving away personal information.2

2 COMMON SCAMS TARGETING ADULTS AGED 60+

#1—Government Impersonation & Other Imposter Scams

How it works: Scammers pose as government officials (IRS, SSA, Medicare) and use scare tactics, including threatening arrest, lawsuits or loss of benefits if immediate payment or personal information isn’t provided. They might “spoof” caller ID to make it look like a legitimate government agency is calling.

Criminals also pretend to be: the police, from large companies (e.g., Amazon), an agency claiming you have unpaid tolls/traffic tickets, or your future boss, rushing you to provide your bank information for payroll purposes.

Why it targets older adults: Older adults often rely on government benefits and may react quickly to official-sounding threats, especially regarding their Social Security or Medicare.

#2—Grandparent & Emergency Scams

How it works: A scammer calls or emails, pretending to be a grandchild or other relative in distress (e.g., in jail, sick or needing emergency money for travel). They often beg the grandparent not to tell anyone else and request money via wire transfer or gift cards, which are difficult to trace. They may even use AI to clone a grandchild’s voice.

Why it targets older adults: These scams prey on the love and concern grandparents have for their family. The emotional appeal can override caution.

[RESOURCE]: Download and share our new handout: Beware of Scams Targeting Older Adults Aged 60+. It addresses scams related to: tech support, investments, sweepstakes/lottery, romance and more!

Another Example: Incoming Scam Email

TEXTING SCAMS

While many text scams rely on malicious links, another sophisticated tactic involves social engineering (This article discusses 10 types of social engineering attacks) through conversation.3

Generally, there are three steps to text scams:

Step #1—Initial Contact (The Bait)

During step one, scammers “bait” you so you’ll respond.

Examples Include:

Wrong Number Scam—This is a very common starting point. You’ll receive a text like: “Hey, is this Sarah? Long time no see!” or “Hi, did I catch you at a bad time?”

Your natural inclination might be to politely correct them: “Sorry, wrong number.” This is exactly what the scammer wants—they’ve gotten you to engage.

Random, Innocent-Sounding Messages—Sometimes it’s as simple as “Hello” or “How are you doing today?” They’re casting a wide net, hoping someone responds.

Fake Alerts (without a link)—They might send a text pretending to be from a bank, a delivery service or a government agency, but instead of a link, they’ll say something like: “Suspicious activity detected on your account. Reply ‘YES’ to verify or ‘NO’ to block this charge. For immediate assistance, call [fake number].”

Step #2—Build Rapport (Social Engineering)

Once you respond, even with a simple “wrong number,” the scammer shifts into building a relationship.

This is where social engineering comes in.

They might:

Apologize Profusely: “Oh, I’m so sorry! My mistake. It’s so hard to keep track of numbers these days. But since I have you, how are you doing?”

Pretend Interest: They’ll ask about your day, your hobbies, your work or something generic to keep the conversation going. They might share “details” about their fake life (e.g., successful business venture, exotic travel or a recent family tragedy) to make themselves seem more credible and relatable.

Manipulate Emotions: They might express loneliness or seek advice to create a bond. This is particularly effective in romance scams.

Encourage Investing: They may say, “I’ve been making a lot of money with this new crypto platform, and I think you’d be really good at it! I can show you how.” As an aside, if you see a friend talking a lot about crypto on a social channel, their account has likely been taken over by scammers.

Step #3—The “Ask”

Eventually, the scammer will ask for money or sensitive information. Because they’ve invested time in building trust, the victim may be more likely to comply.

They might request:

  • Wire Transfers: Untraceable and irreversible.
  • Gift Cards: Popular because they’re like cash and hard to trace.
  • Cryptocurrency: Increasingly common for its perceived anonymity.
  • Bank Account Details: To “send you money” or “invest for you,” but actually to steal from you.
  • Personal Information: Social Security numbers, dates of birth, addresses, which can be used for identity theft. (In reality, due to past security breaches, a great deal of this information is already possessed by hackers.)
  • Login Credentials: For online banking, email or social media, giving them direct access to your accounts.

BE AWARE OF THE FOLLOWING

HOW TO PROTECT YOURSELF FROM SCAMS

GENERAL PRINCIPLES:

Be Skeptical: If something sounds too good to be true, it probably is.

Guard Personal Information: Never share sensitive data (SSN, bank account details, credit card numbers, passwords) unless you initiated the contact and are certain of the recipient’s identity.

Resist Pressure to Act Immediately: Scammers often create a sense of urgency to prevent victims from thinking clearly or consulting with others.

COMMUNICATION RED FLAGS:

Unsolicited Contact: Watch out for unsolicited contact from unknown numbers or emails. This is a major red flag, even if they claim to know you.

Vagueness: Scammers often keep their initial messages vague (“Hey, is this you?”) to get you to fill in the blanks and reveal who you are.

No In-Person Meetings: If it’s a romance or friend scam, they’ll almost always have an excuse for why they can’t meet in person or via video.

Caller ID and AI: Be aware that scammers can spoof caller ID to impersonate trusted numbers and use AI to clone voices, often using audio from social media or even a voicemail greeting.

DIGITAL AND ONLINE SAFETY:

Verify, Verify, Verify: If someone claims to be from a company or government agency, hang up and call them back using a verified phone number from the agency’s official website, not a number given by the caller, text or email.

Avoid Clicking Links: Go directly to websites instead of clicking links from unexpected emails or texts.

Social Media Monitoring: Understand that scammers actively monitor social media to gather personal information like your pet’s name or birthday. They use these details to create convincing and targeted scams or answer security questions.

FINANCIAL PRECAUTIONS:

Refuse Untraceable Payments: Never agree to requests for payment via gift cards, wire transfers or cryptocurrency. These methods are nearly impossible to trace, making them a favorite for scammers.

CREATE A FAMILY SAFE WORD

With scammers now able to clone voices, a family safe word is a crucial defense. This should be a secret, unguessable word with no connection to your personal information, i.e., don’t use your pet’s name, etc.

How to use it:

Never volunteer the safe word. The person receiving the call must ask for it. A scammer might try to manipulate you by claiming they’re too upset to remember it.

To further protect yourself from scams:

  • Change your passwords often.
  • Enable two-factor authentication (2FA) on your accounts, and when possible, use an authenticator app (like Google Authenticator), which is generally more secure than receiving a code via text message.

David Bunker, Financial Advisor & Licensed Fiduciary

Before You Go

Get help optimizing your retirement income. Download our FREE “Prolonging Retirement Income” checklist.

Also, receive help retiring to the life you want, schedule a complimentary financial planning consultation.

This communication was prepared with financial writer Sharron Senter’s assistance, based on interviews with David Bunker, a financial advisor and licensed fiduciary.

Sources:

1 & 2: Pew Research Center, Online Scams and Attacks in America Today, https://www.pewresearch.org/internet/2025/07/31/online-scams-and-attacks-in-america-today/

3: Crowdstrike: 10 Types of Social Engineering Attacks and How To Prevent Them, https://www.crowdstrike.com/en-us/cybersecurity-101/social-engineering/types-of-social-engineering-attacks/