Specialised Threats & Vulnerable Groups
Some attacks are designed for everyone. Others are calibrated for a specific person, in a specific situation, on a specific platform. This section covers the contexts where that targeting is most concentrated.
The Phone Call Ramesh Almost Answered
Ramesh is 68. He retired from teaching two years ago and manages his pension savings through a bank app his daughter helped him set up.
On a Tuesday morning, his phone rang. The caller said he was from the Pension Fund Authority. There was a discrepancy in Ramesh's account. His next payment was at risk. He needed to verify his Aadhaar number and bank details immediately.
Ramesh had never heard of this kind of scam. He had no reason not to trust a caller who knew his name, knew his bank, and sounded official.
He paused and called his daughter first.
She told him to hang up and call the pension office directly on the number from their website. He did. The pension office had no record of any such call. His account was fine.
What protected Ramesh was one habit: pause and verify through a channel you already trust.
Not every person in Ramesh's situation has that habit. Not every person has someone to call.
This section exists because protection is not equally distributed. Attackers know who is least likely to have it.
What Is Actually Happening: Targeting Is Not Random
Vulnerability is not weakness. It is circumstance. Attackers study which situations reduce the friction of compliance, make verification harder, or increase the cost of not acting.
$3.4B
lost by adults over 60 to fraud in the US alone in 2024, the highest of any age group.
The financial loss is the visible damage. Psychological harm and lost independence are harder to quantify but consistently reported as more devastating.
Source: FBI Internet Crime Complaint Center (IC3) Annual Report, 2025$1.1B in In-Game Fraud
In-game item theft, account hijacking, and fake trading sites cost gamers an estimated $1.1B globally in 2024. Gaming platforms are also the primary first-contact environment for grooming of minors.
BEC Tops $2.77B in Losses
Business Email Compromise remains the costliest cybercrime category. Vendor payment fraud and CEO impersonation account for the majority of losses. A single successful invoice scam can exceed $500,000.
$5.6B Lost to Crypto Scams
Crypto and investment fraud accounted for $5.6B in losses in 2024. Rug pulls, fake exchanges, and pig-butchering scams targeting crypto holders make up the fastest-growing fraud category globally.
65% of Journalists Targeted Digitally
In a 2024 UNESCO survey, 65% of women journalists reported online violence. State-sponsored spyware like Pegasus has been confirmed on devices of journalists and activists in 45+ countries since 2020.
See It From the Other Side
You will see digital threats differently after experiencing them from outside your own context. This section simulation places you inside someone else's digital day. Select a profile and navigate 3 threat moments they face.
What That Just Showed You
The constraint is the vulnerability.
Every profile had a different reason why the safe response was harder to take. Financial urgency, limited digital literacy, language barriers, and fear of deportation are not character flaws. They are the conditions attackers deliberately seek out.
Protective networks are the most durable protection.
In nearly every scenario, having access to one trusted person made the difference. The most scalable protection for vulnerable groups is not more awareness training for them. It is more aware people around them.
The same attack looks different to different people.
A loan app that reads as obviously predatory to a financially stable person looks like the only option to someone in genuine distress. Understanding context is how you help people in your own network.
Three Things Worth Doing
1. Identify one person in your network who might be in a high-risk group. Think about who around you is older, recently arrived in a new country, in financial difficulty, or going through a major life transition. Check in. Share what you know.
2. Set up a "pause and verify" habit for anyone you support. The single most protective behaviour across all vulnerable-group attacks is a habitual pause before acting. Help the people around you identify who to call when something seems wrong.
3. Know the reporting paths for the groups in this section. Each module ends with specific resources. The most useful thing you can do is know where to send someone before they need it.
One Question Before You Continue
Ramesh almost gave his Aadhaar and bank details to a fraudulent caller. The caller knew his name and which bank he used. What made the call convincing, and what would have stopped it?