Large-scale data analytics and anomaly detection systems helps identify the victimized and intervene faster, enabling preemptive rather than reactive protection.

When it comes to the now notorious syndicates orchestrating romance scams, investment fraud, and impersonation schemes worldwide, senior citizens face disproportionate risks.

Research demonstrates that cognitive changes associated with aging, combined with limited exposure to evolving digital threats, create and broaden vulnerability. Additionally, criminals exploit psychological tactics such as authority impersonation and artificial urgency — techniques that affect seniors more effectively than other age groups.

Addressing this vulnerable group requires coordinated defenses across both technology and user education, according to Robert Pizzari, Group Vice President (Asia), Splunk, in this interview with CybersecAsia.net.

CybersecAsia: From what you know in your regional work, what are the threats senior citizens face due to advanced hacks or scams?

Robert Pizzari (RP): To target people, criminals pose as government officials, telecom representatives, or even friends. These scams often start with phishing emails or SMS that trick victims into clicking malicious links or sharing credentials.

What makes these threats more dangerous today is the use of AI. Fraudsters increasingly deploy voice-cloning, deepfake videos, and AI-generated messages to increase credibility, making it harder for seniors to distinguish genuine communication from fake.

However, AI also offers promise when used on the defensive side. Applied correctly, the technology can sift through vast amounts of data to spot subtle anomalies such as unusual login locations or suspicious transaction patterns that would otherwise go unnoticed. When leveraged for fraud detection, this enables earlier intervention and reduces the chances of people — especially seniors — falling prey to scams.

CybersecAsia: With many Asian countries reporting rapidly aging populations, and scams targeting the older age groups getting more sophisticated, what can governments do to protect them better?

RP: A significant portion of Asia’s population is active online, but may not always have the same digital literacy or awareness of evolving cyber threats. This creates a perfect environment for phishing, impersonation, and fraudulent investment schemes to take root.

To counter this, governments and organizations need to build digital services that are not only accessible but also fraud-aware: embedding clear verification prompts, anomaly detection, and user education that can help vulnerable groups pause and verify before acting.

At the same time, seniors are not the only targets. Bad actors will exploit any demographic or sector that promises high returns, which underscores the importance of stronger, AI-enabled defenses — to detect threats/victim activities earlier, improve accuracy, and enable quicker system intervention to prevent successful heists and protect vulnerable groups and critical sectors alike.

CybersecAsia: Sectors such as banking, insurance, retail and government are the places where senior citizens take their transactions digitally. What should the CISOs in such institutions focus on, to protect vulnerable seniors?

RP: My recommendations are:

  • Embed proactive fraud and anomaly detection by leveraging AI. Move beyond static rules to behaviour-based analytics that correlate patterns across transactions, logins, and devices. For organizations serving seniors, this means faster detection of fraudulent patterns, reduced downtime, and more secure online interactions.
  • Strengthen identity and access controls without creating friction. Certain elderly groups often struggle with complex authentication procedures. Adaptive methods such as biometrics or risk-based MFA, triggered only when activity looks suspicious, can balance usability with security and protect seniors in such processes.
  • Invest in cyber awareness and resilience at the edge. As attackers often exploit the human element, technology alone is not sufficient. CISOs can collaborate with industry bodies and regulators to roll out targeted awareness campaigns for seniors, reinforcing practical red-flag checks. At the same time, organizations should prepare their security operations centers with automated playbooks and incident response workflows, so that if a senior has been victimized, teams can intervene and remediate quickly.
  • Inject special rest-and-reflect points that act as a safety net for seniors: Fraudsters rely on creating urgency – pushing victims to act before they think. Offering a visible “I am not sure” button in important online transaction dialog boxes would introduce a pause that elderly users can welcome at a critical moment. For example, if a senior receives an unexpected prompt to transfer funds, noticing and then selecting this option could automatically pause the transaction, trigger an additional verification step, or connect them to a verified helpline. The focus should be on making digital safer and more intuitive and more inclusive for seniors through plain-language prompts, layered verification, and proactive monitoring for anomalies. This not only protects seniors but also builds long-term trust in the system.

CybersecAsia: Beyond helping seniors and vulnerable users, what measures should organizations prioritize to stay resilient themselves in the AI-powered cybercrime landscape?

RP: To stay resilient, governments and organizations need to prioritize three things:

  • Trustworthy guardrails: Ensure human oversight, responsible and transparent decision-making, and sovereignty-aware architectures.
  • Stronger data foundations: AI is only as effective as the data it learns from. Strong data governance, federation, and lifecycle management can provide the right context while maintaining compliance.
  • Shared defenses: No single security ops center can stand alone in the age of autonomous AI. Public-private partnerships and cross-border sharing of insights will be essential to counter increasingly automated threats.

CybersecAsia thanks Robert Pizzari for sharing his organization’s perspectives.