Speared

Why do older people have such trouble detecting phishing emails?

There’s a guy at work, pretty sharp, who is in his early 60s. Not cognitively impaired in any way. Has worked in IT for many years.

He got some phishing email that said something about, “Some questions on your expense report hotel booking” with of course a link to click on something.

I know because he read that part out loud. And literally before I could say “Don’t click on that!” (which I got the first words out) he clicked on it.

I ran over and pulled out his network cable. Machine completely infected, but no damage done because I jerked the cable within two seconds.

I literally heard the first few words and knew it was a phishing email. How could he not tell definitively?

The company I work for has been a target of various spear phishing attacks because we hold a lot of highly-sensitive corporate data. Suspect some of the spear phishing is corporate espionage attempts.

But the questions remains: why are older people generally so susceptible to such attacks?