If you're reading this, something probably already happened. Maybe your mom got a call about a "computer virus." Maybe your dad almost sent gift cards to someone pretending to be his grandson. Maybe nothing happened yet, and you just want to get ahead of it.
Either way, you're not overreacting. Scammers target older adults on purpose, because they know exactly which stories work: a grandchild in trouble, a bank account under threat, a package that needs a "small fee" to release. The good news is that most of these scams follow a small number of patterns, and once you know the patterns, they're much easier to catch.
Here's what actually helps.
Why your parents are a target, not just unlucky
Scammers aren't randomly guessing. Older adults are targeted more often because they're more likely to answer an unknown call, more likely to have savings worth going after, and less likely to have grown up around phishing emails and fake login pages. None of that is about intelligence. It's about exposure. Someone who's spent 30 years in a workplace with IT training has just seen more of these tricks than someone who hasn't.
That's the frame worth using with your parents, too: this isn't about them being careless. It's about scammers getting better at sounding real.
The scams that show up most often
A few patterns cover most of what your parents are likely to run into:
The "grandchild in trouble" call. Someone claims to be a grandchild, or a lawyer/police officer on their behalf, saying they're in jail or hurt and need money immediately, and to keep it secret from the rest of the family. The secrecy request is the biggest red flag here.
The fake bank or company alert. A text or email says there's suspicious activity on an account and includes a link to "verify" it. The link goes to a fake page designed to steal login details.
The tech support pop-up. A browser pop-up claims the computer has a virus and provides a phone number to call. The "support agent" then asks for remote access or payment.
The romance or long-term relationship scam. Someone builds a relationship over weeks or months, often on social media or a dating site, before asking for money for an emergency.
The prize or package scam. A message claims they've won something or that a package delivery failed, and asks for a small payment or personal information to release it.
Practical steps that actually work
1. Set up a family password
Agree on a word or phrase only your family knows. If anyone calls claiming to be a relative in an emergency, that word is the check. No word, no money, no information, until you've verified by calling the person directly on a number you already have.
2. Make "hang up and call back" the default
If a call claims to be the bank, the IRS, or a family member in a crisis, the safe move is always to hang up and call back using a number you already have on file, not one given during the call. Real institutions expect this and won't pressure someone to skip it.
3. Slow down anything urgent
Nearly every scam creates pressure to act immediately: threat of arrest, account suspension, a limited time offer. Urgency is the tell, not the emergency. A pause of even ten minutes to think, or call someone else in the family, breaks most scam attempts.
4. Check links before clicking, not after
The fastest way a scam succeeds is a single click on a link that looks legitimate but isn't. Encourage typing known addresses directly into the browser instead of clicking email links, and when in doubt, checking a link before opening it. Free tools like Haven's link checker let anyone paste in a suspicious link or check a site's safety before clicking, without needing to understand how phishing pages work under the hood.
Quick tip: Bookmark a link checker on your parent's browser toolbar, right next to their email or banking bookmark. The extra step only works if it's easy to find in the moment, not buried three menus deep when they're already unsure about a message.
5. Turn on two-factor authentication
For email, banking, and any account that holds money or personal data, two-factor authentication means a stolen password alone isn't enough to get in. It takes a few minutes to set up per account and meaningfully raises the bar for anyone trying to break in.
6. Do a periodic check-in, not a one-time lecture
A single "be careful online" conversation doesn't stick. What works better is a recurring, low-pressure check-in: "Anything weird show up in your email or texts this month?" Treating it as an ongoing habit, not a one-time warning, keeps it from feeling like a lecture and keeps it current as new scams emerge.
If it's already happened
If your parent has already sent money, shared account information, or clicked a suspicious link, speed matters more than blame.
If money was sent by wire or gift card: Contact the bank or the gift card company immediately. Some transfers can be reversed or frozen in the first hours.
If a password or account number was shared: Change that password immediately, and any other account using the same password.
If a link was clicked: Run a security scan on the device, and watch bank and card statements closely for the next few weeks.
Report it: File a report with the FTC at reportfraud.ftc.gov. It won't undo what happened, but it helps track patterns that protect others.
The most important thing to communicate in this moment is that reporting it, even late, is always the right call. Shame is what keeps people from telling their family when something looks off, and shame is exactly what scammers count on.
A conversation, not a lecture
The tone of these conversations matters as much as the content. Nobody responds well to "you should have known better." What tends to land is closer to: "These scams have gotten really convincing, here's what I look for now, want me to show you?"
Treat it as something you're figuring out together, not a warning being handed down. It's also worth remembering the conversation isn't over after one talk. New scam patterns show up constantly, and a relationship where check-ins are normal is worth more than any single list of tips.
What's Haven, and what it does
Most of the scams above share one moment in common: a link that looks legitimate, whether it's in a text about a "bank alert," an email about a "package delivery," or a pop-up warning about a virus. That single click is where the scam actually happens.
Haven is a free browser extension that checks links and websites for phishing before you land on them. It runs automatically in the background, so it doesn't rely on your parent remembering to look something up, or knowing what a fake login page looks like. If a link leads somewhere designed to steal information, Haven flags it before the page loads.
A few honest notes on scope, since it's worth knowing what this does and doesn't cover:
It protects against link-based scams, like fake bank pages, phishing emails, and malicious sites. It doesn't stop phone call scams or in-person schemes, those still come down to the family conversation and safeguards covered earlier in this guide.
It's free for individual use, with no account required to check a single link.
It's built for exactly the moment described throughout this article: the second where someone is rushed, unsure, or trusting, and clicks before thinking to check.
If you want to see how it works before installing anything, Haven's link checker lets you paste in any suspicious link or website and check it on the spot.
FAQs
What is the most common online scam targeting elderly parents?
The most common scams targeting older adults are the "grandchild in trouble" call, fake bank or account alerts sent by text or email, and tech support pop-ups claiming a virus was found. All three work by creating urgency and asking the person to act before they have time to verify.
How can I tell if my parent is being scammed right now?
Warning signs include a parent being told to keep a call or payment secret, sudden urgency around sending money or gift cards, unexplained withdrawals or wire transfers, or new secrecy about a "friend" they've been messaging online. Any request to act immediately and not tell family is the clearest red flag.
What should I do if my parent already sent money to a scammer?
Contact the bank or gift card company immediately, since some transfers can still be reversed or frozen within the first hours. Change any shared passwords right away, and file a report at reportfraud.ftc.gov. Speed matters more than figuring out exactly what happened first.
How do I talk to my parents about scams without sounding condescending?
Frame it as something you're learning together, not a warning you're handing down. A line like "these scams have gotten really convincing, here's what I check for now" lands better than "you should have known better," and works best as an ongoing, low-pressure check-in rather than a one-time lecture.
Is it enough to just tell my parents to "be careful" online?
No. Verbal warnings fade quickly and don't hold up against scams designed to create panic in the moment. Practical safeguards, like a family password for emergencies, two-factor authentication on key accounts, and a habit of checking links before clicking, work better because they don't rely on memory under pressure.
Can a browser extension actually stop phishing scams before they happen?
Yes, for the link-based part of most scams. Tools like Haven check a link or website for phishing signals automatically before a page loads, which closes the gap that happens when someone is rushed or unsure and clicks before thinking to check. It won't stop a phone-based scam, but it addresses the most common digital entry point.
Should my elderly parents just avoid using the internet or email altogether?
No, avoiding the internet isn't realistic or necessary, and it cuts people off from banking, family contact, and useful services. A better approach is a few specific safeguards, like verifying links before clicking, using two-factor authentication, and having a family check-in habit, rather than avoidance.

