Back to School Internet safety

August 5, 2024

Internet Safety for Kids: Top 7 Dangers They Face Online (kaspersky.com)

The internet can be a dangerous neighborhood for everyone, but children and teens are especially vulnerable. From cyber predators to social media posts that can come back to haunt them later in life, online hazards can have severe, costly, even tragic, consequences. Children may unwittingly expose their families to internet threats, for example, by accidentally downloading malware that could give cyber criminals access to their parents' bank account or other sensitive information. Protecting children on the internet is a matter of awareness—knowing what dangers lurk and how to safeguard against them. Although cyber security software can help protect against some threats, the most important safety measure is open communication with your children.

Cyberbullying

The vast majority, 90%, of teens agree that cyber bullying a problem, and 63% believe this is a serious problem. What’s more, a 2018 survey of children’s online behavior found that approximately 60% of children who use social media have witnessed some form of bullying, and that, for various reasons, most children ignored the behavior altogether. And according to enough.org, as of February 2018, nearly half (47%) of all young people had been the victims of cyber bullying. Social media and online games are today's virtual playground, and that is where much cyber bullying takes place, and it’s operating 24/7. Children can be ridiculed in social media exchanges. Or, in online gaming, their player personas can be subjected to incessant attack, turning the game from an imaginative adventure into a humiliating ordeal that escalate into cyber bullying across multiple platforms and in real-life.

The best foundation for protecting against cyber bullying is to be comfortable talking to your children about what is going on in their lives online and in in real-life (IRL) and how to stand up to bullies. Cyber security software and specialized apps for monitoring your child’s online and mobile activity can help,
but nothing will replace an open dialog.

Cyber Predators

These days sexual and other predators often stalk children on the internet, taking advantage of their innocence, lack of adult supervision and abusing their trust. This can culminate in children being lured into dangerous personal encounters IRL. These predators lurk on social media and gaming platforms that appeal to children—the same virtual venues where anonymity facilitates cyber bullying. There, they can exploit not only children's innocence, but also their gift of imagination. “Let's play pretend” is a common and healthy part of online gaming and interaction, but predators can use it as a hook to pull children in.

The FBI offers guidance in safeguarding against predators and other online risks to child safety. However, again, the best protection is regularly talking to your children about what is going on in their day-to-day lives.

Posting Private Information

Children do not yet understand social boundaries. They may post personally identifiable information (PII) online, for example in their social media profiles, that should not be out in public. This might be anything from images of awkward personal moments to their home addresses or family vacation plans.

Much, but not all, of what your children post is in public view. This means that you can also see it—and there's no harm in reminding them that if Mom and Dad can see it, so can everyone else. Avoid snooping, but speak frankly to your kids about public boundaries and what they mean for your children and your family as a whole.

Phishing

Phishing is what cyber security professionals call the use of emails that try to trick people into clicking on malicious links or attachments. These can be especially difficult for kids to detect because often, the email will appear to be from someone legitimate, like a friend or family member, saying simply, “Hey—thought you might like this!” This can also be done with using messaging apps or text messages—then it's called “smishing”.

Phishing emails and smishing texts can pop up at any time, but the cyber criminals who devise them keep watch on sites that are popular with children, and gather information such as email addresses and friends' names and other information to tailor their attacks, just as they do when spear phishing adults to access corporate networks. Teach your children to avoid clicking on emails or texts from strangers and to be wary of messages that appear to be from their friends but seem “off” or have no genuine personal message attached.

Falling for Scams

Children are probably not going to fall for Nigerian princes offering them a million dollars, but they might fall for scams that offer things they value, such as free access to online games or special features. Young people are easy marks for scams because they have not yet learned to be wary. As with phishing, cyber criminals can use sites popular with children to identify potential victims, and then promise prizes in return for what they want—like parents' credit card information.

Young or old, the best protection against scams is knowing that if an offer sounds too good to be true, it probably isn't true. Teach your children to be leery of online offers that promise too much.

Accidentally Downloading Malware

Malware is computer software that is installed without the knowledge of permission of the victim and performs harmful actions on the computer. This includes stealing personal information from your computer or hijacking it for use in a “botnet,” which causes sluggish performance. Cyber criminals often trick people into downloading malware. Phishing is one such trick, but there are others—such as convincing victims to download malware masquerading as games—can be especially beguiling to children.

As with scams, educating your children is the best protection, but comprehensive, cross-device cyber security software and related securityprotections can help safeguard your child's computer against any malware that sneaks into it. In addition, many internet security products also include specific parental controls and applications that can help you build a secure framework for your children's online activities.

Posts that Come Back to Haunt a Child Later in Life

The internet does not have a “Delete” key. It is the opposite of Las Vegas. Things that happen online, stay online. Forever. Anything your child puts online is nearly impossible to remove later. The dangers of social media are especially daunting. It is hard for teenagers in particular to consider how a party picture or Snapchat message could cause problems ten years down the road when they interview for a new job, or how a prospective mate might respond to personal content that they post to their social media profiles or other websites.

Explain to your teens that their style and opinions are guaranteed to change as they grow older. With no “Take-Back” or “Delete” buttons, their 15-year-old self can dramatically alter their adult life in a single click. How they wish to present themselves online and IRL will likely change as they age—but internet posts are forever.

The internet can pose serious dangers to children. It can also open doors of wonder for them that previous generations could not even have dreamed of. Help ensure that your children’s online safety so they experience the joys and opportunities of the online world, and avoid its hazards. Be aware. Be vigilant. But first and foremost be actively involved in your children’s digital and day-to-day lives and communicate openly.

14 Online Scams You Need to Be Aware Of (Readers Digest)

When it comes to protecting yourself from online scams, education is your best defense. Here’s what you need to know to stay safe.

The most common online scams

Think you could never fall for one of the most common online scams? Think again. It’s all too easy to get caught up in the excitement of an incredible vacation deal or the panic that you owe back taxes to the IRS. Scammers can be incredibly convincing, and there are more and more of them to contend with. In fact, the FTC received more than 2.8 million fraud reports in 2021, which amounted to losses of more than $5.8 billion—up a whopping 70% from 2020. By familiarizing yourself with these common scam techniques, you’ll think before you click..

Free trial scam

How it works: You see an internet offer for a free one-month trial of some amazing product—often a weight-loss program, a teeth whitener or some other thing offering incredible results in record time. All you pay is $5.95 for shipping and handling … or so you think.

What’s really going on: Buried in the fine print, often in a color that washes into the background, are terms that obligate you to pay $79 to $99 a month in fees—forever. Canceling these subscriptions can be a beast and can take months.

Fake Wi-Fi hotspot scam

How it works: You’re sitting in an airport or a coffee shop, and you log into the local Wi-Fi. It could be free, or it could resemble a pay service like Boingo Wireless. You connect, and everything seems fine.

What’s really going on: The site looks legitimate, but it’s actually an online scam run by a criminal from a laptop. He’s most likely sitting very close to you, and you have no idea he’s mining your computer for banking, credit card and other password information. If it’s a fake pay site, he also gets your credit card info, which he’ll then sell to other crooks.

Bogus contest scam

How it works: You get a direct message or a comment on a social media post announcing a contest for a free iPad, a trip to Hawaii or some other expensive prize. The message says, “Just click on the link to learn more.” The scammer will tell you that in order to claim your winnings, you must pay a small fee that they call “taxes,” “shipping and handling charges” or “processing fees.”

What’s really going on: This online scam happens mostly on Twitter, but it can happen on any social media or networking site and even via email or text. It occasionally happens over the phone, and if it does, the caller will ask for your email so they can send a link and you can claim your prize. The link takes your fee for the “prize,” steals your credit card information and also downloads a “bot,” which will let the hacker send spam emails from your account.

Scareware scam

How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2022” or “SecurityTool” and says that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the scan finds a virus—and for a fee, typically about $50, the company promises to clean up your computer.

What’s really going on: When you click on the link, the sham company installs malware on your computer. No surprise—there will be no cleanup. But the thieves have your credit card number, you’re out the money and your computer is left on life support.

Smishing scam

How it works: You receive a text from your bank or credit card issuer, saying there’s been a problem and you need to call right away with some account information. They might tell you your account has been compromised and you need to act fast so you don’t lose everything.

What’s really going on: The “bank” is a scammer who hopes you’ll reveal your account information. If you do, you’re actually surrendering your credit card information to black-hat marketers who will ring up phony charges.

Charity scam

How it works: You get an email or social media DM with an image of a malnourished orphan from a developing nation. “Please give what you can today,” goes the charity’s plea, followed by a request for cash. To speed relief efforts, the email recommends sending a Western Union wire transfer as well as detailed personal information, such as your address, Social Security number and checking account info. It’s for the children!

What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes toward helping those in need—every penny you sent goes to the scammer. Even worse, the scammer now has access to all your personal information, and if you don’t act quickly, they’ll drain your bank accounts, rack up charges on your credit cards and possibly steal your identity..

Romance scam

How it works: You meet someone on a dating site, on Facebook, in a chat room or while playing a virtual game. You exchange pictures, talk on the phone and get close quickly. It soon becomes obvious that you were meant for each other, but the love of your life lives in a foreign country and needs money to get away from a cruel father or to get medical care or to buy a plane ticket so you can finally be together.

What’s really going on: Your new love is a scam artist. There will be no tearful hug at the airport, no happily ever after. You will lose your money and possibly your faith in humankind. It may be hard to admit it happened to you, but you’re the victim of a romance scam.

Business email compromise scam

How it works: You sent your client an invoice, but they didn’t pay after 30 days, so you send a reminder that their payment is past due. The client replies and tells you they paid via wire transfer. The only problem? You don’t accept payments via wire transfer.

What’s really going on: Someone hacked into your business account and sent an email to your client with directions on how to wire the money to pay their balance. The client wired the money—but not to you—and now the scammer has the money, and the account is closed or untraceable.

Counterfeit goods scam

How it works: You’re doing some online shopping, as one does. You see what looks like a great deal on Amazon (for new items) or eBay or other resale sites (for vintage items) and place an order. Everything seems fine … until you get the item.

What’s really going on: The seller’s a scammer, and they’re going to send you a counterfeit product (or nothing at all)—and they’ll still get your money. These scammers often post delivery dates that are three or four weeks from the date of purchase, and they typically receive payment long before you discover that it was a scam.

Hitman scam

How it works: You get an email (or a text) from someone saying he’s been hired to kill you or kidnap a family member. He tells you to send a large amount of money via Cash App or another irreversible method in exchange for your safety. Usually, the email will also warn you against contacting the authorities, saying that will only make things worse.

What’s really going on: There is no assassin. Somebody found your email address randomly (along with hundreds of others) and just wants your money.

Travel scam

How it works: You see a social media post or get an email advertising an amazing deal on airline tickets or an all-inclusive vacation to an exciting destination like Paris or Fiji. And it is truly amazing: We’re talking a $10,000 vacation for just $999. How could you say no?

What’s really going on: Like the “free trial” scam, travel scams often have extra costs hidden in the fine print. If it does, the initial fee won’t cover much, and you’ll have to pay thousands in resort fees. Or that confirmation code may never land in your inbox. Either way, the scammer will now also have your credit card info—or ask you to pay through CashApp or Zelle—opening you up to additional theft.

Empty house scam

How it works: You’re on vacation having the time of your life, and you want to share the joy with your friends and Instagram followers. You post a few photos from Lisbon, announcing, “Next stop, Amalfi Coast!” You don’t think twice about it, but when you get home, your house has been ransacked and robbed.

What’s really going on: Criminals scour social media sites for people posting pictures of themselves out of town so they can find empty residences to burglarize. Some even pay attention to obituaries. This is a scam that exists mostly offline, but it’s your online activity that makes you a potential victim.

Elder financial scam

How it works: A loved one becomes a widow. They’re alone and lonely, until another widow finds them on Facebook and says, “I know what you’re going through.” They become fast friends, and then the friend has an emergency—perhaps a sick grandchild or an unexpected car repair—and needs to borrow money immediately.

What’s really going on: This new “friend” isn’t a friend at all—they’re a scammer, of course. They may vanish after the first payment is made, or they may stick around to see how much more they can squeeze out of the unassuming elder. In elder fraud, the scammer might also eventually attempt to take over the elder’s bank accounts and even steal their identity.

Internet Security Web Links

Cyber Security Vocabulary

Adware – Adware refers to any piece of software or application that displays advertisements on your computer.
Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network without being detected.
Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove malware.
Artificial Intelligence – Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.
Attachment – An attachment is a computer file sent with an email message.
Authentication – Authentication is a process that ensures and confirms a user’s identity.
Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a restricted part of a computer system.
Backup – To make a copy of data stored on a computer or server to reduce the potential impact of failure or loss.
Baiting – Online baiting involves enticing a victim with an incentive.
Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances.
Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or malice.
Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by a common type of malware.
Broadband – High-speed data transmission system where the communications circuit is shared between multiple users.
Browser – A browser is software that is used to access the internet. The most popular web browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.
Brute Force Attack – Brute force attack is an activity which involves repetitive successive attempts of trying various password combinations to break into any website.
Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly quit or behave in an unintended manner.
BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their organisational networks.
Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page.
Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Cookie – Cookies are small files which are stored on a user’s computer. Cookies provide a way for the website to recognize you and keep track of your preferences.
Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in computer software.
Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another.
Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a system without the knowledge or authorization of the system’s owner.
Data Server – Data server is the phrase used to describe computer software and hardware that delivers database services.
DDoS Attack – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.
Domain name – The part of a network address which identifies it as belonging to a particular domain.
Domain Name Server – A server that converts recognizable domain names into their unique IP address.
Download – To copy (data) from one computer system to another, typically over the Internet.
Exploit – A malicious application or script that can be used to take advantage of a computer’s vulnerability.
Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
Hacking – Hacking refers to an unauthorized intrusion into a computer or a network.
Honeypot – A decoy system or network that serves to attract potential attackers.
HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages and web applications.
Identity theft – Identity theft is a crime in which someone uses personally identifiable information in order to impersonate someone else.
Incident Response Plan – An incident response policy is a plan outlying organization’s response to an information security incident.
Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting, and sharing data.
IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP address allows a device to communicate with other devices over an IP-based network like the internet.
IOS – An operating system used for mobile devices manufactured by Apple.
Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware actions are being monitored.
Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer, server, or computer network.
Malvertising – The use of online advertising to deliver malware.
Memory stick – A memory stick is a small device that connects to a computer and allows you to store and copy information.
MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage and transmission.
Multi-Factor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s identity by requiring them to provide more than one piece of identifying information.
Packet Sniffer – Software designed to monitor and record network traffic.
Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications between browser and web server are encrypted.
Patch – A patch is a piece of software code that can be applied after the software program has been installed to correct an issue with that program.
Penetration testing – Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Phishing – Phishing is a method of trying to gather personal information using deceptive e-mails and websites.
Policy Management – Policy Management is the process of creating, communicating, and maintaining policies and procedures within an organization.
Proxy Server – A proxy server is another computer system which serves as a hub through which internet requests are processed.
Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into disclosing sensitive information.
Ransomware – A type of malicious software designed to block access to a computer system until a sum of money is paid.
Rootkit – Rootkits are a type of malware designed to remain hidden on your computer.
Router – A router is a piece of network hardware that allows communication between your local home network and the Internet.
Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person.
Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading potentially dangerous software.
Security Awareness Training – Security awareness training is a training program aimed at heightening security awareness within an organization.
Security Operations Centre (SOC) – A SOC monitors an organization’s security operations to prevent, detect and respond to any potential threats.
Server – A server is a computer program that provides a service to another computer program (and its user).
Smishing – Smishing is any kind of phishing that involves a text message.
Spam – Spam is slang commonly used to describe junk e-mail on the Internet.
Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential information.
Software – Software is the name given to the programs you will use to perform tasks with your computer.
Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
Spyware – Spyware is a type of software that installs itself on a device and secretly monitors a victim’s online activity.
Tailgating – Tailgating involves someone who lacks the proper authentication following an employee into a restricted area.
Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface.
Traffic – Web traffic is the amount of data sent and received by visitors to a website.
Trojan – A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers to disguise as legitimate software to gain access to target users’ systems.
Two-Factor Authentication – Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.
USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices such as digital cameras, printers, scanners, and external hard drives.
Username – A username is a name that uniquely identifies someone on a computer system.
Virus – A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge and performs malicious actions.
VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable.
Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack.
Vishing – Vishing is the telephone equivalent of phishing. It is an attempt to scam someone over the phone into surrendering private information that will be used for identity theft.
Whaling – Whaling is a specific form of phishing that’s targeted at high-profile business executives and managers.
Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies.
Worm – A computer worm is a malware computer program that replicates itself in order to spread to other computers.
Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.
Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems.