The Problem: You Are the Target

If you’re reading this and interested in cybersecurity for women, congratulations—you’re already on the internet, which means, unfortunately, you’re also on some hacker’s radar. Cybercriminals love an easy target, and women over 50 are often first in line. Why? The tired stereotype of tech-averse grandmothers still lingers—and let’s be honest, some of us do overshare on Facebook. Hackers bank on the assumption that you’re too trusting, too nice, too distracted, or just too busy living life to keep up with digital threats.

But here’s the reality…

Cybersecurity isn’t just for tech bros in hoodies or paranoid billionaires. It’s for you. Because while you’re planning that next big trip, reconnecting with old friends, or buying that perfect mid-century lamp off Etsy, someone out there is phishing, scamming, and hacking their way into your digital life.

“Don’t be Thelma.”

In the 2024 movie Thelma, June Squibb plays a spunky grandma who gets scammed out of $10,000 and goes full vigilante. Funny in fiction. Devastating in real life.

Meet the Expert: A White Hat Hacker’s Take

I wanted real, not condescending, advice–so I sat down with Cherise Esparza, co-founder of SecurityGate and an actual white hat hacker (the good kind), who’s been protecting critical infrastructure from cyber threats for decades. Her take on why women over 50 are prime targets?

“You’re at a phase in life where your money is moving—retirement accounts, investments, travel spending—hackers know this,” Esparza said. “They also know you might be living alone, which makes you more likely to fall for scams that prey on fear and urgency.”

But don’t panic. She also has a few simple, actionable ways to keep yourself safe online.

1. Stop Using Dumb Passwords (Yes, Even That One)

“I just use my daughter’s middle name spelled backward. No one will ever guess that,” says me, sheepishly.

The truth is that the Hollywood version of someone trying one password after another, hoping to hit on the right one, is ancient history. “Hackers use software that can test millions of passwords per minute,” Esparza explained. “If your password is anything personal, common, or a variation of ‘Fluffy$2024,’ they’re going to crack it.”

They use information about you—your college, your children’s names, birthdays, streets you’ve lived on. And don’t think you can outsmart them: Using your dog’s name but changing the “S” to an “&” is not the safe solution.

What works instead? Passphrases.

• Instead of “Sunshine123” try “CorrectHorseBatteryStaple!” (or some random phrase only you will remember)
• You can make a passphrase from a book—just make a note of it like “Grapes of Wrath, page seven, sentence two, first four words”
• Longer is better—aim for at least 16 characters
• Use a password manager (yes, they’re safe—safer than that sticky note on your desk)
• Never, ever reuse passwords across different sites

What else works? A Password Vault.

• Devices you use often have a vault built in. For example, the iPhone saves passwords in iCloud for you and can auto-complete them.
• Our tech guy uses a software program called1Password and is happy with it. But after all, he is a tech guy.
• A paper notebook. Yes, just write down your passwords in a little notebook that you don’t use for anything else. Even better, write down passphrases from a book, and even if someone finds the notebook (which you did NOT label “my top secret passwords”), they will just think you’re a meticulous bookworm.

2. Multi-Factor Authentication: Annoying but Necessary

MFA (Multi-Factor Authentication) is that extra step where you verify your identity via text, email, or an authenticator app. Annoying? Yes. Worth it? Also yes.

“If hackers steal your password, MFA is often the only thing stopping them from getting into your bank account,” Esparza said. Prioritize enabling MFA for:

• Banking and investment accounts
• Email accounts
• Any site that has your credit card on file

3. The “Grandma Scam” and Other Social Engineering Tricks

Cybercriminals don’t always rely on fancy hacking software—sometimes, they just need a phone and a good sob story. Imposter scams were the most frequently reported type of fraud last year—over 840,000 cases in the U.S. were filed with the Federal Trade Commission (FTC). The FTC has helpful information on how to spot an imposter scam. For example, watch out for words like “Act Now!” or “Don’t hang up” or even “Don’t trust anyone. They’re in on it.”

“Social engineering is about manipulating human emotions—fear, urgency, trust,” Esparza warned. “If you ever get a frantic call or message from someone claiming to be a grandchild in trouble, pause. Call them back on a known number.”

Other common tricks to watch out for:

• Fake delivery notifications: “Your UPS package is delayed—click here!” (Except you didn’t order anything.)
• Bank alerts: “There’s been suspicious activity on your account.” (Don’t click the link—call your bank directly.)
• Tech support scams: “We’ve detected a virus on your computer.” (No, they haven’t.)

4. Beware of Public Wi-Fi

That free Wi-Fi at the airport or café? A hacker’s playground. If you absolutely must use it, follow these rules:

• Use your phone’s hotspot instead
• Never log into banking or sensitive accounts on public Wi-Fi
• If you travel a lot, invest in a VPN (Virtual Private Network) for added security

5. Safe Words: Not Just for Spies

Here’s a tip that could literally save you thousands: set up a family safe word. If someone calls claiming to be your child or grandchild needing money, they should know the word.

No safe word? No money. Not even a dime.

“We use safe words in my house,” said Esparza. “With AI-powered voice scams on the rise, it’s one of the easiest ways to prevent falling victim.”

6. Be a Little Less Promiscuous (With Your Email)

We sign up for everything these days—newsletters, online stores, travel alerts. But the more places you give your email, the more spam, scams, and phishing attempts you invite into your inbox. Monogamy might be romantic, but not when it comes to email.

“I call it ‘email promiscuity,’” said Esparza. “It’s okay to have multiple emails—one for personal use, one for shopping, one for anything financial. It makes it harder for hackers to connect the dots.”

7. Protect Your Digital Footprint

Ever Googled yourself? You should.

If too much personal information is out there—old addresses, phone numbers, even family connections—consider using services like DeleteMe or other online privacy tools to remove your data from public records sites.

“If a hacker knows your old addresses and relatives’ names, they can answer security questions and break into your accounts,” warned Esparza. “Keeping personal details off the internet is one of the best defenses.”

If you wouldn’t want a scammer to know it, take it down.

8. The AI Threat: What’s Coming Next in Cybersecurity for Women

Artificial intelligence is making scams even more sophisticated. Deepfake technology can mimic voices, creating convincing messages from “family members” in distress. AI-generated scams now sound like your bank—and worse, and your loved ones.

“Hackers are leveraging AI to automate scams at an unprecedented scale,” Esparza warned. “They can create emails that sound exactly like your bank or clone a family member’s voice.”

How to Protect Yourself from AI Scams

• Always verify before taking action—call the person directly if something feels off.
• Set up multi-factor authentication so that even if AI steals your password, it can’t access your accounts.
• Stay informed. The more you know about AI-driven scams, the less likely you are to fall for one.

9. If It Feels Sketchy, It Probably Is

Last but not least, trust your gut. If a deal seems too good to be true, if an email feels off, if a website looks outdated and janky—walk away. Scammers rely on panic, urgency, and impulse. Take a breath before you click.

A very common scam now is an email claiming you owe toll violations with an urgent “pay now” link. A sure sign that this is a scam is the email it is sent from—generic and random (unless your name actually is Ofangoqyl Gaichen).

And speaking of phone calls … If you save a contact in your cell phone, with their name (Daughter #1) or business (Happy Pet Vet), then that name will pop up when they call you. No name? Might not be someone you want to talk to. The Wall Street Journal offers more phone safety tips here.

Final Thoughts: Stay Vigilant, Stay Smart, and follow Cybersecurity for Women

You don’t need a degree in cybersecurity to keep yourself safe. A few simple habits—strong passwords, MFA, staying skeptical of weird messages—can make all the difference. As Esparza put it:

“Cybersecurity is about risk management. You can’t eliminate the risk entirely, but you can make yourself a much harder target—and that’s the goal.”

So, consider this your friendly nudge to lock down your accounts, rethink that password, and tell your family about safe words. Because in the digital world, a little paranoia is a good thing.

Don’t get scammed like Thelma did.

You’ve got better things to do—just make sure getting hacked isn’t one of them.