The pop-up looked official enough to fool anyone—blue shield, Microsoft font, a blinking “SECURITY ALERT” and a 1-800 number “to prevent shutdown.” On the other end of the line, a calm voice turned menacing: “If you don’t cooperate, we will have to disable your computer permanently.”
My client’s 79-year-old mother—let’s call her “Mary”—felt her chest tighten. She wasn’t reckless; she was kind, trusting, and alone with a machine that suddenly felt hostile. The scammer pressed for remote access and a wire “to unlock” her accounts. That’s when her son (our client) became the hero. He had already installed account alerts, restricted daily transfer limits, and set up multi-factor authentication. In minutes, he froze the right accounts, shut down remote access, and called the real bank on a published number. The thief never got a dime. Mary got her peace back.
That scene is becoming more common, and more convincing, for one reason: automation plus psychology. Today’s criminals use generative AI to write flawless emails, mimic support scripts, and even clone voices. The con feels human—because, in a way, it is.
AI Scams Are Accelerating
The emotional story is real, but so are the numbers.
Internet crime losses reported to the FBI hit more than $16 billion in 2024, up 33% from 2023, on 859,532 complaints—both records. Seniors are being targeted with particular ferocity: in 2024, Americans age 60+ reported $4.9 billion in losses across 147,127 complaints—double-digit growth in both complaints and dollars. It isn’t just the FBI’s data. The FTC’s 2024 Consumer Sentinel figures show consumers reported $12.5 billion in fraud losses—25% higher year-over-year.
What’s amplifying the trend?
More organizations—and households—are adopting AI, which accelerates both productivity and abuse. In the World Economic Forum’s 2025 outlook, two-thirds of security leaders expect AI to materially reshape cyber risk in the next 12 months, yet barely a third have mature guardrails in place. On the ground, incident volume is rising: Verizon’s 2025 DBIR analyzed 22,052 incidents and 12,195 confirmed breaches—the most in the report’s history.
Translation: the con artists are faster, more believable, and more scalable than ever.
Jocelyn King, “The Queen of Online Safety,” is a Top 10 Woman in Cybersecurity and CEO/founder of Smarter Online Safety. She says the situation is daunting but not hopeless. “Hacker’s number one tool is not AI or software algorithms. Their number one tool is people’s lack of knowledge and action. If you believe your bank or the IRS or DMV is really trying to reach you, leave the conversation and contact a known number and speak to an actual agent,” she advises.
5 Practical Moves To Protect Everyday People
You don’t need a six-figure tech stack to get safer. You just need guardrails.
1. Establish the Family “Pause Protocol”
Create a house rule—especially for elders—that nothing involving money or access happens in real time. If someone calls, texts, or pops up on screen asking for action, hang up or close the window.
No legitimate company demands install payment over email, text or the phone. Hang up and then call the real company using a known, published number from the back of the card or the company’s actual website. Add a family “safe word” for urgent requests that claim to be from relatives (“Grandma, it’s me; I need bail”). No safe word, no action. Make it a word or phrase that is not something shared on social media.
2. Lock Down the Money First
Before trouble strikes, set account alerts (every transaction), MFA (multi-factor authentication) on banking, brokerage, email and password manager, and daily transfer limits small enough to sting a fraudster.
Jocelyn says, “For seniors who are not tech savvy, are too trusting, or are losing some cognitive ability, put a trusted family member’s phone number on the MFA account access number. It’s far better to get interrupted in a busy meeting seeing that a retirement account is being accessed for an oversees wire transfer than to later fail at trying to recover a loved one’s transferred lifesavings.”
Consider credit freezes at all three bureaus for seniors who don’t need new loans often; it’s free and reversible. When available, passkeys (face/fingerprint + device) beat passwords because there’s nothing useful for criminals to steal or phish.
3. Remove the Scammer’s Favorite Tool: Remote Access
Legitimate tech support will never cold-call you, threaten to “shut down” your PC, or demand payment to “unlock” anything.
Uninstall unattended remote-control apps your family doesn’t use. If a pop-up includes a phone number, that is itself the red flag. Close the browser entirely or power the device off. If you think malware may have been installed, consult a trusted local tech or the device maker’s official support—not the number in the pop-up.
4. Harden the Devices You Actually Use
Set your lock screen. Turn on automatic updates for the operating system and browsers. Use a reputable DNS filter (often free from your router or ISP) to block known malicious sites. Give every user a standard (non-admin) account for daily use and reserve admin rights for installs. On phones, disable sideloading and review app permissions—especially anything with accessibility or screen-sharing rights.
5. Prepare a Simple “If It Happens” Script
When adrenaline spikes, checklists win.
Review this as a family or organization and keep it in a secure location away from any visitors or prying eyes.
• Bank/Broker: call fraud department on the card back; freeze cards; reverse transfers.
• Email & Cloud: change passwords from a clean device; revoke suspicious sessions; enable TFA/MFA everywhere possible.
• Credit: freeze your credit with all three credit bureaus; place a fraud alert.
• Block and Report: file with IC3.gov and ReportFraud.ftc.gov—reports help investigators see patterns and may speed restitution.
Why This Works
Criminals rely on four levers: urgency, authority, isolation, and confusion. Your job is to remove at least two of the four.
The Pause Protocol kills urgency.
Known-number callbacks puncture fake authority.
Family safe words and checklists reduce isolation and confusion.
Money guardrails like these mean that even if someone clicks once, the blast radius is small.
“If you want to be safe online, it’s critical that you realize you’re in an unfair battle for your privacy, safety and money against an AI cybercrime tsunami hitting our shores,” says Jocelyn. “You can’t afford to miss one key area, because as we say in cybersecurity: The bad guys only have to be right once.”
Let’s circle back to Mary. She felt embarrassed afterward, but she shouldn’t. This con was designed to bypass human logic and hijack human emotion.
What saved her were systems installed in advance by someone who loved her. In an era when AI makes scams look and sound legitimate, that’s the blueprint: a warmer conversation around money and technology, plus a few well-placed speed bumps that buy time for common sense to catch up.
If you remember one thing, make it this: Trust your pause, not the pop-up. The right small steps—today—can turn a would-be catastrophe into nothing more than a story your family tells over dinner about the day you outsmarted a machine.