“Cybercriminals are targeting your family.” This is a statement no one wants to hear, but in our digital world, everyone is a potential target.
While that may sound stressful, it’s important to remember: By educating yourself and those around you, you can work together to create a safer digital space. Remember that empowerment is key! No one wants to feel ashamed about a mistake they’ve made while they are still learning the ropes. Showing your family how to stay safe is more easily done with a positive attitude.
Before we learn what we can do, we need to learn why our families are vulnerable and exactly what information threat actors are after.
Why Is My Family Vulnerable?
As each of us navigates a world full of digital experiences, it’s important to know what to look out for and how to mitigate risks. From giving away too much information on social media, to chatting with someone who isn’t who they say they are, there are many ways to become targets.
Here are several reasons you and your family members may be vulnerable online:
- Your family members don’t know the risks. Many people are unaware of social engineering, or that public information shared online can be used for ill-will. By helping to educate your family, you’ll empower them to defend themselves against cybersecurity threats.
- Most people lack a true understanding of the criticality of cybersecurity best practices. Even if someone knows the risks they face, they likely don’t know how to protect themselves. For example, they may know they “should” use strong passwords on social networking sites but might not know how to create a stronger password, or why it’s so important. So, they default to repeating passwords that are easy to remember across accounts .
- People are shamed for not knowing about cybersecurity. Instead of being taught about inappropriate conduct, contact, and content with compassion, people of all ages may be shamed for being unwise about technology. When shamed, many people don’t feel open to asking questions or getting help, which could mean a continuation of unsafe cybersecurity behavior.
What Are Cybercriminals After?
Cybercriminals target people of all ages as potential victims for several reasons. Here are four of the most common reasons why people are targeted:
Cybercrime is estimated to cost $10.5 trillion USD annually by 2025, making financial gain a key reason for cybersecurity attacks. Often, threat actors are searching for credit card or bank account information for themselves or to sell on the dark web.
For Example …
If your children are playing games on your phone, they may be prompted to provide financial information to buy in-game items. Because they know you’ve allowed them to buy in-game items on your phone in the past, they may feel inclined to go ahead and provide that financial information to a new online game that is actually a front for payment information theft.
It’s important to provide clear, direct boundaries with your children in situations like this so your family’s information is secure.
2. Data Theft
Cybercriminals create plans to infect devices with malware to steal critical information through tactics such as:
This data can provide cybercriminals with the critical information they need to lock you out of accounts, obtain and sell more of your information, and other malicious tactics.
Your child is likely using the internet more than ever before. With distance and virtual learning, they probably send and receive emails from their teachers and peers.
But they might not notice the small details that a cybercriminal has changed in an email address from a common recipient. Instead of MrsDavis, the email profile name for the child’s teacher from their school domain, a cybercriminal emailed them from the email address, MrsDavls from a free email service. By quickly opening the email out of habit, and having inherent trust in the sender, this child could accidentally click on a malicious link.
It’s important to speak with your children about these possibilities and teach them in a positive way how to examine email addresses, hover over links to see the destination address, and other quick tips that can help them avoid cybersecurity issues.
3. Sensitive Information
In some instances, threat actors use something none of us need more of: stress.
It was reported that email scams related to COVID-19 surged 667% in March 2020 alone—at one of the first peaks of the pandemic. By using this alarming topic in emails, phone calls (also known as vishing), or text messages (also known as smishing), threat actors frequently scare people into sharing their sensitive information.
By using high-stress situations, cybercriminals can convince people to make quick, irrational, and unsafe choices.
For Example …
In this instance, the goal is normally to incite fear. Especially to younger people, those in authoritative positions—such as teachers and government officials—can be intimidating.
One afternoon, your child receives a phone call from a “school administrator” who tells them they need to provide their current address and results from their most recent COVID test.
In reality, this person has nothing to do with your child’s school—or COVID test reporting. The only information they were looking for was your address, which they obtained by creating a false sense of power over your child.
By getting the name of their school from social media profiles and the name of the administrator from the district’s website, this person has enough information to incite fear in this young person.
Empower your child to always confirm the identity of the person they’re speaking to by contacting them in a way they have in the past, such as through their school’s portal. By verifying their identity, you’re teaching your child to take an extra step of precaution when providing sensitive information.
4. Identity Theft
In addition to simply stealing data, some threat actors are out to steal identities entirely.
They may try to obtain social security numbers or other identifying data to steal your identity. Most often, people are out to obtain financial benefits with this information, including opening credit cards.
For Example …
While playing a game online, your child encounters a new “friend.” This person is acting as a "friend" to your child, but they’re really searching for someone to give out information in order to steal their, or your, identity.
By making small connections at first—such as sports, favorite colors, and other hobbies—the threat actor can create a sense of trust. Later in the conversation, the threat actor will have an easier time getting sensitive personal information from your child, as they’ve already established a connection.
It’s important to speak to your children about what information—if any—is acceptable for them to give out online. By teaching them about the reality of providing too much information to cybercriminals, you can keep your children safe online.
Let’s Work Together To Protect Your Family!
While it may feel overwhelming, there are a number of steps you can take to keep your family safe online. This month, we're taking a Family First approach to cybersecurity with resources, webinars, and more that can help keep everyone in your household safe.
If you’re eager to get started, you can take a look at this article called Internet Safety for Kids: A Parent’s Cheat Sheet. Stay safe!
If you have questions about how to keep you and your family cyber safe, email us at [email protected].