That mystery, however, can be dangerous.

Younger Americans are more likely to use the Internet, but seniors are joining at faster rates than their younger counterparts. As of 2015, 81 percent of Americans between the ages of 50 and 64 use the Internet at least occasionally, as do 58 percent of those who are 65 and older. The Internet has proven to be an amazing resource for seniors, particularly those with physical limitations. It opens doors to keeping in better touch with family, pursuing new hobbies, and discovering new communities of people with similar interests.

But it also unlocks a whole new world of vulnerability. According to the FBI, seniors are specifically targeted online because they “are most likely to have a ‘nest egg,’ to own their home, and/or to have excellent credit—all of which make them attractive to con artists.” Furthermore, the FBI says,

“People who grew up in the 1930s, 1940s, and 1950s were generally raised to be polite and trusting. Con artists exploit these traits, knowing that it is difficult or impossible for these individuals to say ‘no’ or just hang up the telephone.” Con artists view the senior population as uniquely vulnerable, and they have come up with creative ways to try and exploit those vulnerabilities.”

Some of the new swindles resemble old door-to-door, mail, and phone scams, except that they now take advantage of massively efficient Internet communication. Think of the myriad of messages containing sob stories ending in pleas for large sums of money, solicitations for charities that don’t exist, offers of free prizes and gifts, or attempts to scare out personal information with threats of cutting off Social Security payments, health care coverage, or banking account access. There are also popular schemes in which a pop-up window informs a person their computer has been compromised and will be shut down unless the outside party is granted access to the machine. Or a message appears from what seems to be a friend or relative telling the user to “check out this awesome website!” Although these aren’t age-specific ploys, many scammers specifically target seniors, assuming that they are unfamiliar with the ways of the web and are easier to con.

So what can we realistically do about it? The success of these hacks and scams have led many software developers and security professionals to gripe about the so-called “stupid users” who simply cannot be saved from themselves and their terrible passwords. While it’s true, in a tautological sense, that removing all humans from the network would make it exceptionally secure, being “stupid” and being “poorly educated” are two very different things. There are a lot of smart people out there that simply don’t have the right information to keep themselves safe online, including seniors. As Slate columnist Josephine Wolff wrote in her beautifully titled piece “Calling Humans the ‘Weakest Link’ in Computer Security Is Dangerous and Unhelpful,” these mistakes show that technology is failing the human users, not the other way around. “The whole point of computers,” she writes, “is that they’re supposed to improve the lives of people, and yet, strangely, it’s the people who end up being painted as the problem.”

Yanking grandma and grandpa (or anyone else who doesn’t know how to respond to technogeek phrased pop-ups about ActiveX controls) offline is clearly not the answer. But given the rate at which seniors are being targeted, we could be doing a better job of getting basic information to this particularly vulnerable group. There are lots of places that offer excellent educational resources about online security and privacy, particularly from AARP, yet they don’t seem to be reaching their target audience. To understand why this information isn’t flowing, I had to reach out to people who don’t work in cybersecurity, who aren’t Internet natives like myself. I needed to talk to people who are much, much different than myself. So I called my parents.

My mom is a paralegal at a huge law firm, and she’s really good at it. She navigates complex tax and real estate regulations like Misty Copeland navigates the stage. My dad is retired now, but he spent years in banking, working his way up from teller to vice president. They’re very smart people. But they didn’t grow up with the Internet.

“So,” I asked my parents, kicking back on the couch in the home where I grew up, “Where do you get most of your information on online safety?”

“You,” they said in unison, without hesitation.

“Well, okay,” I said. “But other than me. Like if I’d gone into, I don’t know, forestry instead of tech. Where would you be getting that information?”

“There’s no really good place,” my dad said after thinking a moment. “The TV frightens me, because they just focus on fear, not what to actually do.”

“Do you think they should put something educational on TV about cybersecurity instead?” I asked. “At a level anyone could access?”

My mom frowned and shook her head. “I don’t think so. If they put something informational on TV, people would probably flip the channel to watch Star Trek instead.” I couldn’t disagree.

“I do learn a lot from work,” my mom said. “We have a good IT department. I guess there are classes at the college. But if you’re not involved with computers in some way, you don’t think about that stuff.”

“And what you learn from the experts at work doesn’t always translate to home,” my dad added. “I have a lot more to worry about here at home than I did in the office.”

My dad is right—workplace training covers only certain topics. But that training has really stuck with them. For example, my parents are pros when it comes to understanding spearphishing attacks. They know that an email isn’t always what it seems—that it might be a deliberate fraud by someone who knows about their personal habits, likes, or dislikes, and is using that information to entice a target to click on malicious links, or reply with personal information. “I’m paranoid about opening emails,” my dad said. “You have to know first who they’re really from.” Solid advice. At my mom’s work, the security team even sends fake spearphishing emails that redirect to an online training course if the links are clicked. It’s a great idea—although it requires a savvy educator.

“It has to be at a level that people understand,” my mom emphasized. “I like learning, but I like to learn quickly. What are the clues that something’s wrong? If it looks like junk in the email address, for example. Or how you should never click a link that’s sent to you if you don’t know what it is. Those are a few things that everyone could do that would help some.”

We talked a lot more about Internet safety. My parents agreed that without a smart and communicative security department at work (in the alternate universe where I am a park ranger), they wouldn’t have any source of good information. Since 13 percent of the U.S. population is 65 and over, and that percentage is growing, we can’t depend on workplace training to keep the older generations safe online.

I left my parents’ house feeling pretty happy with their level of knowledge. I also left with the understanding that they were lucky. They learned a lot from their corporate security departments and they have a daughter in cybersecurity who’s willing to personally engage with them after they retire to ensure they stay safe as vulnerabilities and and attack methods continue to evolve. It’s hard to create new pathways for knowledge—especially pathways that can reach everyone. As my mother reminded me, most aren’t the caricature of the hopeless senior completely incapable of learning anything new. The problem isn’t that seniors can’t learn. It’s that no one is there to teach them in the first place.

Some workplaces can and have filled this role, but it’s certainly not a guarantee. Even when they have, as people leave the workforce, they will need some other source of help continuing to stay safe online. As I mentioned earlier, AARP has some excellent resources for seniors, including tips on avoiding identify theft, spotting spearphishing scams on social media, and explaining ransomware, but you have to be motivated to seek them out. Some senior centers have stepped up to provide classes on computer safety, which is great, but not everyone who needs them can or will take them. Television depictions of cyber are grossly misleading. Mainstream media coverage of these issues is sporadic and can’t be relied upon to reach everyone at the right time.

But if you’re concerned about your parents, there is one last line of defense: you. So let’s all bake our parents a pan of brownies, sit down with them, and have a talk about the Internet. It might get a little awkward, just like the talk they once gave you. But protection, not abstinence, is the way to go when it comes to Internet safety. And who knows, maybe you’ll also learn a few things when you do.

The post It’s Not Your Grandparents’ Fault They Keep Getting Scammed Online appeared first on Zócalo Public Square.

The message was friendly and chatty, with several attachments, and it contained a proposal: I could pay one million renminbi (about $150,000 at the time), in exchange for which the sender would not forward the attachments to my business partners or competitors. It took me a second—in that out-of-body, as-if-movie-watching state we go to when totally disoriented—to digest what was happening. This was no friendly e-mail from the home front, no business proposition in any traditional sense. This was blackmail, or extortion, or some other noun that I would never associate with my life.

Last week, I read of the infiltration of The New York Times and other media by Chinese hackers, and I can imagine how Times staffers must be feeling. It brought back all too vividly the violation-induced nausea of my own experience with China’s hacker army.

At the time, I was the chairman of a company that was building shopping centers in China. The company was a partnership of three entities: a major U.S. bank, a Chinese state-owned enterprise, and my firm. We were building centers in third- and fourth-tier cities. The anchor tenant was a multi-national hypermarket. Nearly all the employees were Chinese. It was an exhilarating adventure for me, but it was of little consequence politically. The enterprise was building Chinese shopping centers in Chinese cities for Chinese consumers.

Even so, all of our Internet activity was monitored. There was a small modem-like device attached to the primary server in our computer room. It was not terribly clandestine. We were told that the “government” would be restricting access to international news sites and various Chinese sites.

Our Chinese employees were used to this sort of thing. But for my American colleagues and me, the monitoring was a novelty. Although most international sites were accessible, certain stories on news websites were blacked out. When the power or the Internet would go down, we would promptly get a phone call from China Telecom, our service provider. They were on a friendly, first-name basis with our Shanghainese-speaking IT guy. “What’s up?” they’d ask. “Why are you offline?” They feared we would just disconnect the monitoring device, and they wanted to let us know they were paying attention. But I didn’t have anything to hide, so I didn’t give it much more thought.

I looked at the documents that were attached to the blackmail request. There were operating budgets and business plans. There were confidential memos to the senior management of my financial partner, written at their request, reviewing the progress of their projects. There were memos critical of staff. There were e-mails between my own team and me exchanging casual commentary on people and places, frustrations and triumphs. Perfectly appropriate for private consumption, but not for public consumption. Then there were e-mails from my personal account. Some concerned the troubled life of my recently deceased mother.

It’s one thing to tell yourself you have nothing to hide; it’s another to surrender all privacy to a hostile intruder. And if “Eric” had these documents, what else did he have? What else did he know? What else was there to know? Who was doing this? Why? What did other people already know? Was there anything about me they didn’t know, or couldn’t misconstrue to their advantage? The intrusion was like a digital cancer that could expand ad infinitum, nourishing itself on every link and attachment and contact address, jeopardizing the privacy of others as well as my own.

The Times story of January 30 reported that the newspaper had been hacked from Mainland China in an apparent attempt to stymie a Times investigation into the finances of Premier Wen Jiabao. The article quoted the newspaper’s executive editor, Jill Abramson, who sought to reassure readers and sources. “Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” she said. A few paragraphs later, however, the story went on to note: “Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside the Times’ newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.”

That’s hardly consoling. You have to wonder how confident any future confidential Chinese source will feel about approaching a Times reporter. Every employee of the paper had his or her corporate password stolen, and 53 employees had their personal computers penetrated. Once that happens, the hackers have the ability to observe and record everything. And to keep it forever.

The Times article described how the hackers would normally begin their probing at 8:00 a.m. and knock off after eight hours. On the clock. Mundane. Banal. In my case, experts I consulted told me that the hacking probably came from government monitors who wanted extra cash. During office hours they did their monitoring, and after hours they sought to supplement their income with a little freelancing. I wonder how many Times staffers will be contacted by their own “Eric.” I wonder how many of those individuals are having to revisit, as I did, their belief that they have nothing to hide.

The whole process of being hacked and blackmailed was eerily akin to undergoing a diagnostic colonoscopy without any anesthetic, which, relying on dubious medical advice, I’ve also experienced. During that medical procedure, a seemingly endless stream of water entered my body from a hose in, well, you know where, and a steady flow of water exited. A nurse leaned into me and grabbed my stomach to help the hose make turns and find its way onward. A video monitor broadcast the journey in vivid color just above my head. The doctor was quite excited for me to see it. I found it humiliating. Not unlike having everything one has ever expressed on e-mail exposed and probed.

Within a day of receiving the e-mail from Eric, I contacted the U.S. Consulate, the FBI, and the security office of my financial partner (a publicly traded Wall Street bank). I was soon sitting in my office, reviewing the matter with representatives from each entity. They wanted to know everything. They wanted access to all of my files to see what the hackers could see. They wanted to conduct their own digital colonoscopy. Knowing the hacker was inside probing around was already awful. Having the “good guys” in there probing around didn’t feel much better. All privacy, all dignity, all control was lost.

Blackmail was a familiar story to the security experts. Their strategy was to treat the hacker like a bully. Don’t respond to the demands, and find a way to punch him in the nose. Easier said than done. Finally, a law firm representing the bank sent Eric an e-mail. It said that the authorities had been notified, the partners had been notified, and there was nothing to be gained by trying to expose what had already been disclosed. It was a gamble, as I really didn’t want to have the documents or e-mails widely circulated. But it worked. After a few days, I received a message from Eric. He was friendly and warm. He said it was just business; nothing personal. He still used my nickname. It gave me the chills.

In retrospect, I should have known better. Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move. That is their normal. But relegating my experience to the China file—to the concerns of a faraway place—would also be a mistake. With China’s world and ours intersecting online, I expect we’ll eventually wonder how we could have been so naïve to have assumed that privacy was normal—or that breaches of it were news. And Eric, if he’s reading this, probably agrees.

The post What It’s Like To Be Hacked By China appeared first on Zócalo Public Square.