October 18, 2013
October is Cybersecurity Awareness Month and it’s a great time to teach their kids how to stay away from cybercriminals. Kids are not usually the target of cybercriminals, but kids do gather online where hackers and identity thieves lay their traps. Here are 4 ways they may fall into those traps and how they can stop them in their tracks:
1. Online Searches.
Finding information online using a search engine like Google is a great way to find it quickly. When there’s some big news or event that’s about to happen or has just happened, kids may rush online to find out more. But it’s also a time when cybercriminals get to work. They pay attention to areas of high internet traffic and use this to their advantage. Many times they’ll create false websites and links to those sites that are designed to get people to click, download, or open files, but have actually tricked people into downloading malicious software that can secretly watch your surfing habits or open a door to your computer and steal personal information.
Tip: Think twice before clicking on a search result. Mouse over the link to make sure the URL that your shown is the URL you think it is. Stick to sites that you already know and try to steer clear of sites you don’t know much about.
2. Ads and offers.
Kids might be drawn to online offers for popular products, movies, music, event tickets, or games that are created by cybercriminals. They may offer something so enticing that they will click, download, or enter personal information (their own or yours) to get it.
Sometimes well-designed ads for these products show up on websites that are otherwise credible. However, the ads may come from a different source than the place the website itself is hosted, so cybercriminals just have to intercept the place where the ad is stored rather than break into the place where the website is hosted.
They might also receive legitimate-looking emails and texts that contain links that, if clicked, lead them to a legitimate looking website asking them to enter personal information or requiring them to download a file. In the end, they may end up giving that information to a hacker or identity thief.
Tip: If the offer looks too good to be true, it almost always is. Question these offers, and learn to trust your instincts. Don’t click on or open anything that looks odd. Mark suspicious emails as spam.
3. Mobile apps.
With the enormous popularity of apps, it’s no surprise criminals have found a way to wiggle onto smart phones by creating false versions of popular, legitimate apps. In the app stores, it’s sometimes tough to tell which ones might be fake ones because they’re disguised so well. Our researchers have discovered false versions of popular apps like Instagram and Angry Birds Space. These fake apps can be designed to do many things like fool you into entering personal information or downloading malicious software onto your phone that steals your information.
Tip: Do your research before you download and start using apps. Stick to ones made by companies you know or are already publicly very popular, or look them up online before you download them. Don’t allow apps to automatically connect to your other data (such as physical location or contact lists) if there’s no reason to do it for that app. Consider using a service like Trend Micro’s Mobile Security feature which scans and alerts you of apps that are fake or are somehow stealing information they shouldn’t be stealing.
4. Social networks.
Cybercriminal can sometimes sneak onto social networks, where people connect and follow links or content posted by people they know and trust. They can trick someone into “liking” a post or link that is actually fake or they can infiltrate the ads that are increasingly showing up in the midst of the content we see in our social network pages.
Tip: Don’t click on links that seem suspicious, even if it’s something that your friend supposedly posted or endorsed in some way. Contact your friend some other way to make sure they really meant to “like” something on a social network page.
There are many ways cybercriminals disguise themselves online, and these are 4 avenues that kids may most likely see their work. But if you teach kids to practice thinking critically about everything they see, click, download, post online and if you follow some of the general tips below, you will for the most part, make cybercriminals powerless.
In addition to the above advice, here are a few more tips to follow and teach kids:
- Use security software. The most important first step is to use reputable security software on any device that connects to the Internet, and keep it updated. However, cybercriminals use many, constantly changing tactics, so in addition to using security technology, it’s important to be aware and educated about the issues, too.
- Choose online passwords that are not easy for someone to figure out. Pick a word or phrase that mixes letters, numbers, symbols, uppercase and lower case letters to make it as strong as possible. Don’t use the same password for every site or service. One way is to come up with a pattern and change 1-2 characters in the pattern for each site or service you use a password for.
- Use privacy settings wherever they are available and use the strongest level possible. On social networks make sure you understand what information is shared about you publicly, and resist openly sharing personal information online such as home address, phone number, birth date in emails, texts, blogs, or social network updates. Even with privacy settings, anything you post can still be shared by those who see it, so think before you say or do anything online.
- Practice thinking critically about the things you read, post, and download. Not everything you come across online is necessarily as it might appear. Take the time to consider this before you do anything online.
- Stick to well-known websites, social networks and online services for downloading music, games, or movies. If you’re unsure if a site is fake or safe, it’s best not to visit it. Or ask your parents or other adult before visiting it.
- If you need to enter personal information online, enter the least amount necessary. Make sure the website begins with “https” (not http) which is more secure. Also look for information at the bottom of the webpage verifying that the site is secure or has been verified by an outside party to be secure.
- If you think you may have done something wrong and may have fallen for a cybercriminal’s trick, let your parent or other adult know so they can check and fix things if necessary.
To read more, here are additional helpful resources, information and tools:
- The Basics of Web Threats – a glossary and safety guide
- Staying Safe on Social Networks – security tips from Trend Micro
- Parents’ Guides to Facebook, Snapchat, and Instagram – by Connectsafely
- Parent’s Guide to Cybersecurity – by Connectsafely
- Housecall online– scan your PC or Mac and clean it up if it’s been infected – FREE
- Housecall for Android – FREE
- Trend Micro Mobile Security – Security protection including the industry’s first app scanning technology, which lets you know if an app is fake/malicious or safe to download (Android mobile devices)
- Trend Micro Smart Surfing Mobile – will prevent you from visiting hacked/fake websites on iOS devices (iPhone, iPad, iPod Touch) — FREE
- Trend Micro Privacy Scanner for Facebook – this app will monitor your Facebook page settings and help you control who can contact you and access your personal information (Android mobile devices)— FREE
- Trend Micro Titanium – full scale security protection for your PC
- Safe Surfing for the Mac – full scale security protection for your Mac
Lynette Owens is the Founder and Global Director of Trend Micro’s Internet Safety for Kids and Families program. With 20+ years in the tech industry, Lynette speaks and blogs regularly on how to help kids become great digital citizens. She works with communities and 1:1 school districts across the U.S. and around the world to support online safety, digital and media literacy and digital citizenship education. She is a board member of the National Association for Media Literacy Education, an advisory committee member of the Digital Wellness Lab, and serves on the advisory boards of INHOPE and U.S. Safer Internet Day.
Follow her on Twitter @lynettetowens