Your parents grew up in a world where a phone call from "the bank" was legitimate. Now they're navigating a web full of fake virus warnings, phishing emails, and tech support scams. Here's how to protect them without being condescending.
Scammers don't target elderly people because they're gullible. They target them because the economics work in their favor. Here's what makes older adults more vulnerable:
paypa1-secure.com isn't PayPal. Someone who didn't grow up parsing URLs doesn't have that pattern recognition.Understanding this isn't about blame. It's about knowing what you're protecting against so you can set up the right defenses.
A popup appears saying "Your computer is infected! Call Microsoft immediately at 1-800-XXX-XXXX." It looks official. It might even play an alarm sound or freeze the browser. Your parent calls the number, and a scammer walks them through giving remote access to their computer — then charges hundreds of dollars to "fix" a problem that never existed.
These fake tech support popups are one of the most common scams targeting seniors. Microsoft will never display a phone number in a browser popup. Neither will Apple, Google, or any legitimate company.
An email arrives from "Chase Bank" or "Medicare" saying there's a problem with their account. The link goes to a page that looks exactly like the real login page — but isn't. Once they enter their credentials, the attacker has their password.
Modern phishing emails are sophisticated. They copy real branding pixel-for-pixel. The only reliable tell is the URL — which is exactly what most elderly users don't check.
Someone connects with your parent on Facebook or a dating site. Over weeks or months, they build an emotional relationship. Then the requests start: money for a plane ticket to visit, help with a medical emergency, an "investment opportunity." The FBI's IC3 reported over $1 billion in romance scam losses in a single year, with victims over 60 accounting for the largest share.
These are the hardest scams to prevent with technology because the manipulation is emotional, not technical. But awareness is the first line of defense.
A full-screen browser alert appears: "WARNING: Your computer has been infected with 3 viruses!" with a big button to "Scan Now" or "Download Protection." Clicking it installs actual malware — or leads to a fake antivirus subscription that charges their credit card monthly.
These scareware popups exploit the gap between how much your parent cares about their computer's safety and how much they understand about what real security warnings look like. PhishClean detects and blocks these fake alerts automatically.
"Congratulations! You've won $500,000 in the International Lottery!" All they need to do is pay a small "processing fee" or provide their bank details to receive the winnings. There are no winnings. You cannot win a lottery you didn't enter.
These arrive via email, text, social media, and even physical mail. They work because the emotional appeal — the excitement of a windfall — overrides rational analysis.
You can't be there every time your parent opens their browser. The goal is to set up protection that works without ongoing intervention.
This is the single most impactful thing you can do, and it takes under a minute. PhishClean runs silently in the background, analyzing every page for phishing signals, suspicious forms, hidden iframes, and fake virus warnings. When it detects a threat, it warns the user before they can enter sensitive information.
There's nothing for your parent to configure, no settings to manage, and no decisions to make. Install it and forget it. That's the whole point — protection that doesn't require technical knowledge.
PhishClean runs entirely in the browser. It doesn't send browsing data anywhere, which means you're not trading your parent's privacy for their security. Nothing leaves the device.
A password manager does two things that matter here. First, it generates strong, unique passwords so a breach on one site doesn't compromise everything else. Second — and this is the part people overlook — it won't autofill credentials on a phishing site because the domain doesn't match. That's built-in phishing protection your parent gets without thinking about it.
Bitwarden (free) or 1Password are both good options. Set it up during your next visit. Import their existing passwords, and show them how the browser extension fills in login forms automatically.
At minimum, enable two-factor authentication on their email, bank, and social media accounts. Even if a scammer gets their password through phishing, 2FA adds a barrier. Use an authenticator app over SMS if possible — but SMS-based 2FA is still dramatically better than no 2FA at all.
For parents who find authenticator apps confusing, SMS codes are an acceptable compromise. The goal is protection they'll actually use.
There are a few things every elderly internet user should know. Frame these as facts, not lectures:
Many scam sites work by first getting permission to send browser notifications. Then they flood your parent's screen with fake virus alerts and "security warnings" that look like system messages. Go into their browser settings and set notifications to "Don't allow sites to send notifications" — or at least "Ask before sending." Then clear any notification permissions that have already been granted to sites they don't recognize.
The hardest part of protecting your parents isn't the technology. It's the conversation. Most adult children make one of two mistakes: they either avoid the topic entirely, or they approach it in a way that makes their parent feel incompetent.
What works is treating it like you would any other safety topic — matter-of-factly, without condescension.
Instead of "You need to be more careful online," try: "I've been reading about these new scams that are targeting everyone. Even tech-savvy people are falling for them. Can I set up a couple of things on your computer that'll catch the obvious ones?"
Make it about the scammers being sophisticated, not about your parent being naive. Because the truth is, modern phishing really is sophisticated enough to fool anyone. A pixel-perfect replica of a bank login page would fool most people if they weren't specifically looking at the URL.
Offer to be their "IT department." Tell them: "If you ever get a popup or email that seems scary, just call me before doing anything. I'm happy to look at it." Give them an easy out that doesn't require them to judge whether something is a scam on their own.
Never shame them. If they've already been scammed, help them report it and recover. Shame makes people hide future incidents — which means they'll be scammed again and you won't know until it's too late. Your reaction to the first scam determines whether they'll tell you about the second one.
What is the best browser extension to protect elderly parents from scams?
PhishClean works well for non-tech-savvy users because there's nothing to configure. Install it, and it quietly checks every page for phishing signals, fake virus popups, and suspicious forms. If something's wrong, it warns the user before they can enter sensitive info. No settings, no decisions, no maintenance.
How do I set up online scam protection on my parent's computer remotely?
Start by installing PhishClean on their browser — it takes under a minute and works immediately with no setup. Next, use a remote desktop tool like Chrome Remote Desktop (free) or TeamViewer to set up a password manager, enable 2FA on their email and bank accounts, and disable browser notification prompts. You can do the entire setup in one remote session.
My elderly parent already fell for a scam. What should I do?
Don't shame them — that makes people hide future incidents. Help them change passwords on any compromised accounts immediately. If financial information was shared, contact the bank's fraud department right away. Report the scam to the FTC at reportfraud.ftc.gov (US) or Action Fraud (UK). Then set up tools like PhishClean and a password manager so it doesn't happen again. See our full guide on what to do after a phishing attack.
PhishClean watches every page for phishing signals, scam popups, and suspicious forms — silently, with zero configuration. Set it up on your parent's browser in under a minute.
Install PhishCleanIf this helped, save it for later, share it with someone who would benefit from it, or subscribe for new browser-security guides from PhishClean.
Get practical phishing and browser-safety articles in your inbox. No salesy drip, just new guides and product updates when they are worth sending.