Updated May 2026 to reflect current data. Original recording: December 2015.

Richard Lowe, The Writing King, joined Sue Zawacki on Aging Info Radio as a cybersecurity expert, drawing on decades spent responsible for enterprise technology and security, to walk through the scams that target ordinary people and the simple habits that defend against them. His message is reassuring rather than alarming: you don’t have to be afraid of the internet, you just have to know what you’re doing.

BOOK YOUR PRIVATE CONSULTATION

The Conversation

Social engineering and phishing

Sue: Let’s talk about social engineering.

Richard: Social engineering is basically a con. The attacker convinces you of something to get something from you, money, your Social Security number, account details, by pretending to be something they’re not. It’s the number one way someone gets into your accounts or commits identity theft. Someone calls claiming to be the IRS and asks about your accounts, and just like that you’ve handed your information to a stranger, because the real IRS doesn’t operate that way. The email version is called phishing, with a “ph”, a message saying your PayPal account is about to be closed unless you respond immediately. You click, type your username and password, and now they have it and can drain your bank account.

Sue: If you see an email advertising something, don’t click it, go to the website directly.

Richard: Exactly. Unless you absolutely know the link is genuine, don’t click it, open your browser and type the address yourself. It takes a little more effort, and it’s worth it. Most of the time they’re after credit cards and passwords, which then get sold to other criminals, so the damage multiplies fast.

The Nigerian 419 scam

Sue: Tell us about the Nigerian scam.

Richard: That’s advance-fee fraud, also called the 419 scam after the Nigerian penal code it violates. The famous version is the foreign official with $1.2 million tied up in an account who needs your help to release it. It sounds almost plausible, so you agree, and then comes an email: just a couple thousand dollars for passports, and it grows and grows. Two hooks set at once, your greed and, because some of what you’re asked to do skirts the law, a sense that you’re now complicit. People have lost hundreds of thousands of dollars getting pulled deeper and deeper.

Romance scams

Richard: The cruelest variation runs through romance. Someone appears on a dating site pretending to be a person they’re not, mines your social networks to learn all about you, and lets a relationship build. Before long you’re sending money to a future partner who is really just a stranger in another country. I read about a case in AARP’s magazine where a woman lost almost $350,000 over six months because she believed the man loved her.

Sue: You can’t save the king, and you don’t need to pay for romance, right?

Richard: If you’ve never met someone, don’t send money without genuinely checking who they are, ideally having a second person check too. It’s not unkind to be careful; it’s how you protect yourself.

Passwords without the panic

Sue: What’s the best way to handle passwords?

Richard: Start with a different password for every account. If a big company gets breached and your password is the same everywhere, with your email as the username, the attacker now has the keys to all your accounts, not just the one that leaked. Different passwords cut that risk dramatically. And when you ask, “I have 200 accounts, how do I track all that?”, and I have over a thousand, the answer is a password manager. It remembers everything, fills in your username and password automatically, and generates long random passwords full of strange characters that you never have to memorize or even type.

Sue: Do you recommend changing passwords often?

Richard: At the time, the standard advice was every 90 days, on the theory that a stolen password database takes a while to exploit, so rotating shut the window. In practice, with a thousand accounts, I set aside a few hours once a year. Worth noting: security guidance has since shifted. The current emphasis is on long, unique passwords kept in a manager and, above all, turning on multi-factor authentication, changing a password when there’s a reason to rather than on a rigid schedule.

Safer browsing

Sue: How do you protect yourself while browsing?

Richard: Keep your antivirus and firewall up to date, use a modern browser, and add an ad blocker extension. The ad blocker matters because a lot of infections ride in on banner ads, which are very hard to police, there have been major outbreaks spread that way. Blocking the ads removes that attack route, and as a bonus your browsing gets faster. That route is becoming more common all the time.

Don’t live in fear

Sue: Give us your words of wisdom.

Richard: Don’t be afraid of the internet. That’s the whole reason I wrote my book, Family Cybersecurity, because people are frightened, and they don’t need to be. Anyone can be targeted, and you can’t guard against absolutely everything, but fear only paralyzes you. Learn the dangers, understand the consequences of what you do, and be smart. Think before you click. And if someone you’ve never met asks for money for something that feels off, listen to your gut, and don’t.

Find Richard Lowe at TheWritingKing.com.

Notable quotes from this conversation

Common questions from this conversation

What is social engineering?
A con designed to trick you into handing over money or information by pretending to be someone trustworthy, like a fake IRS caller. Phishing is the email version, often a fake urgent warning about an account, designed to capture your username and password.

What is the Nigerian, or 419, scam?
Advance-fee fraud, named for the Nigerian penal code it breaks. The victim is promised a large payout in exchange for help and a small upfront fee, then asked for more and more, losing escalating sums over time.

How should I manage my passwords?
Use a unique password for every account and store them in a password manager, which generates and fills in long random passwords for you. Current best practice also adds multi-factor authentication and changing passwords when there’s a reason, rather than on a fixed schedule.

How do online romance scams work?
A scammer builds a fake relationship on a dating site, using details from your social media to seem genuine, then asks for money. Never send money to someone you’ve never met, and consider having a second person check their story.

How do I browse the web more safely?
Keep your antivirus, firewall, and browser up to date, and use an ad blocker, since many infections spread through banner ads. Blocking ads closes that attack route and speeds up your browsing.