Tag Archives: Family Safety

Parents’ Ultimate Guide to Cybersecurity

You may think that the world of cybersecurity is only populated with shadowy criminal organizations hacking elections and stealing corporate data, but cyberattacks afflict the big and small alike.

Every day millions of cyberattacks hit the U.S. alone, and they’re growing in number and intensity every year. While governments and businesses beef up cybersecurity, cybercriminals modify their malicious software to keep up with the demand. And the demand is growing.

More and more internet-connected devices pop up in family homes every year. Computers, laptops, tablets, smart TVs, watches, and refrigerators are contributing to the inevitable “internet of things” — a time when all of our daily devices, our data, our identities, and our lives are linked together and saved in the cloud.

The more we’re connected, the more fragile our infrastructure and online connections. The more links we form, the easier it will be for hackers to bring things to a stand still, to turn off our lights, to empty our bank accounts, to disrupt our monetary system, to peer into our secrets. It’s a dystopian world view but one we can avoid if we adopt the right attitudes and invest in cybersecurity.

Cybercrime is becoming a more lucrative “occupation,” drawing more and more people to it. As the supply of criminals increases, so too will the demand for victims. Governments and corporations aren’t the only ones with something to steal. Millions of individuals and families represent enormous amounts of opportunity for cyberthieves who are starting to take more notice.

Families are tantalizing targets to cybercriminals since they tend to have less cybersecurity protection installed on their devices. They also house millions of children operating those devices. But protecting yourself is possible if you get to know the cybersecurity basics, educate your kids, and learn the best ways to avoid malware.

Get to know cybersecurity basics

You often hear about cyberthreats on the news. Reporters give obscure warnings about malware attacks, worms, and phishing scams, but what does all of this mean? Getting to know the basic terms and concepts around cybersecurity will help you better understand news alerts around virus outbreaks. You’ll know what types of threats are issued and what actions to take to protect your data and devices.

Malware and viruses

Although the terms are often used interchangeably, computer viruses aren’t the same thing as malware. Malicious software or “malware” is a broad term referring to any type of software installed on a device or network that’s unwanted or destructive. Viruses are just one type of malicious software.

Cybersecurity experts classify different malware by their behavior. Viruses are unique because they can replicate (make copies) and propagate (spread). Like the common cold or flu virus, computer viruses are transmitted from one device to another through some kind of “contact,” usually in the form of email attachments or links.

Raising healthy kids means providing nutritious meals, getting them flu shots, and teaching them to wash their hands regularly. Protecting your devices from viruses and malware requires adopting good attitudes, installing antivirus software, and teaching online safety.

Viruses and worms

Worms are considered computer viruses because they can replicate. While viruses need humans to help them replicate, worms can self-replicate. Once on your computer, worms make copies of themselves and email those copies to other computers. They’re much more autonomous than your average virus, which makes them especially destructive.

Unlike viruses, worms don’t need executable programs to function. An executable program is one that executes or runs code, typically ends with the file extension .EXE, and needs your permission to operate. If you’ve ever downloaded a program from a website and installed it on your computer, you’ve opened an executable program.

Executable programs and files work differently from read-only files. For example, if you play an .mp3 music file of your favorite song, your computer is only reading the data from the file. So, you can’t get a virus from simply playing a song, but you can get one from downloading one.
Scanning executable files downloaded from the internet is a good way to catch viruses and worms before they infect your computer.

Social engineering

Social engineering is how cyber thieves manipulate people into unknowingly spreading malware, revealing their personal information, or sharing their data. Children and teenagers are especially susceptible to social engineering tricks. That’s why educating them on good online habits and identifying warning signs keeps them and your devices safe.

Consider the following scenario: You receive an email from Facebook with the subject line reading “Issues with your account: Please Respond”. You open the email, and it says the Facebook team has found “copyright issues” with your account.

The email goes on to say if you don’t resolve the issues, your account will be “permanently blocked”. Concerned, you look for a solution. The email explains you must follow the provided link, fill out a form, and provide your credentials. You click the link and visit the Facebook website where you’re prompted to sign in with your username and password. After signing in, you suddenly notice the URL in the address bar doesn’t look right.

The fact is, you’re not on Facebook’s website at all, and you’ve just handed over access to your account to hackers.

Notice how many times in the scenario you followed along with the instructions. You opened the email, clicked the link, visited the site, and entered your credentials. The hackers did little work aside from creating a convincing email forgery. You were being socially engineered.

The above example is a phishing email, a common source of identity theft and virus propagation. Phishing emails are just one way cyberthieves use our emotions and confirmation bias against us to profit. Here are some tips for avoiding phishing emails:

  • Scan the email for the correct logos, fonts, and colors.
  • Check for grammatical and spelling mistakes.
  • Hover over any links and make sure the URL is correct.
  • If you weren’t expecting an email or are confused, you should email the organization’s website or call them directly.
  • Report such scams to the Federal Trade Commission’s website.

Trojans

Unlike viruses and worms, trojans target specific devices for attack rather than propagate. They don’t exist to replicate or propagate but to destroy data, record passwords, and capture confidential information like banking account numbers.

Trojans are malware in disguise. They make their way into your computers and mobile devices by posing as legitimate files and programs. That’s why they have the name “trojans” after the wooden horse the Greeks tricked the Trojans into bringing into their city.

Banking trojans are a popular form of malware used to steal your banking and credit card numbers. They begin life disguised as apps downloaded from sites like Google Play and the Apple Store. After the trojan app is on your device, it activates and begins scanning and monitoring your information, looking for and recording credit card and banking account numbers. It then remotely relays the information back to the thief.

Trojans are a specific danger to children who have access to mobile devices like Android phones and tablets. Cyberthieves use social engineering and legitimate-looking apps to trick kids into downloading what they think is a harmless game.

Botnets

Hackers deploy botnets to take over and control internet-connected devices. The term botnet is formed by the words “robot” and “network,” which is exactly what they are: a network of robotic devices used together. Cyberthieves build botnets made of millions of devices creating fake social network accounts, mining cryptocurrencies, defrauding advertisers, deploying denial-of-service attacks (DDoS), and propagating other malware.

Botnets are about gaining control, and many devices in the home can now be hacked. The internet of things is now a reality for many families. Along with laptops and personal computers, other common devices like coffee makers, TVs, smart watches, and refrigerators are now connected to the internet. Botnets target these devices to build a larger network of computing power.

Signs your device has a botnet include slowed performance or frequent crashes, but these are also common symptoms of other problems. The fact is, most users aren’t aware a botnet is controlling their device. The result is increased wear and tear on your devices.

Understand the real dangers of cybersecurity

Panda Security surveyed parents to identity their biggest concerns about online activities, apps, and websites. The survey results revealed a disconnect between what online threats parents fear and what is statistically more likely to happen. For example, 54 percent of parents surveyed said they worry the most about “sexual predation”, but only 13 percent of children reported experiencing such acts. On the other hand, only 12 percent of parents reported “online bullying” as their number one concern even though 34 percent of children between the ages of 12 and 17 are said to experience cyberbullying.

There were similar conflicting results for cybersecurity. Only 16 percent of parents report “computer viruses” and “malware” as “somewhat unsafe” or “very unsafe”. The fact is, viruses and other malware threats are getting more frequent every year.
To keep your children and devices safe, you must know what threats are more likely to happen and focus more attention on preparing for them. Focus the majority of your time, energy, and attention on more likely threats.

Identity fraud

A 2017 study found a huge increase in internet fraud as credit card companies have begun moving consumers to anti-counterfeit, chip-based cards. The chips make it harder to commit fraud at stores, so cyberthieves have moved to online transactions using stolen credit card numbers. The study showed a 40 percent increase from 2015 to 2016 in online credit card fraud.

The study also found that new account fraud rates had doubled over the same time period. Cyberthieves steal or buy your personal credentials and open new accounts in your name.

Newly opened, fraudulent accounts generally take longer for victims to discover since thieves have credit card and bank statements sent to them.

Of particular interest to parents is the recent rise in identity thefts targeting infants and toddlers. Cyberthieves can steal your child’s SSN and open new accounts in their name, ruining their credit scores before they even reach adulthood. Identity theft of this kind can stain your child’s financial future, making it harder for them to find funding to buy a car, get student loans, or rent an apartment. Running credit reports is one way to check for identity fraud. If you suspect someone has stolen your identity, you should freeze your credit report.

Ransomware

Ransomware is one of the fastest growing cybersecurity threats today. There has been a 50 percent increase in ransomware attacks from 2016 to 2017, according to a study by Verizon. The malicious software works just like a real-life ransom situation, only the hostage is your data.

Ransomware allows hackers to lock your computer and encrypt your data. They don’t necessarily steal your data; they just make it impossible for your computer to read it and for you to access it. Thieves ask for money to decode your data. If you don’t pay, they threaten to delete everything.

Hackers gain access to devices through common sources like spam email campaigns, security holes in software, and even botnets.

As more of our photos, videos, and documents become digitized and stored on hard drives, the prevalence of ransomware will increase. It’s a highly lucrative “business” that affects corporations and families alike. Cyberthieves know your data are valuable and that many parents are likely to pay, even though you shouldn’t.
Paying the ransom only enriches the thieves and incentivizes further theft.
Protect your data against ransomware by backing it up to another hard drive or to the cloud. The threat of deleting your data only works if you have a single copy of it.

Educate your kids about cybersecurity

Every generation of families confronts a new technology and the new threats that offset its benefits. Automobiles launched the car wreck, TV birthed concerns around “screen time,” and the personal computer helped spawn the hacker. With the internet and social media, parents are once again confronting the consequences of connectedness, social sharing, and digital identities.

Navigating the dangers of cybersecurity and the internet means being honest with your kids about what is at stake. Identities can be stolen, credit ratings can be destroyed, and bullies can do serious harm. Educating your kids about cybersecurity is one of the most effective things you can do to keep them safe while online.

Be honest

Cybersecurity is serious business. Talking to your kids about it requires honesty. Don’t avoid issues because they’re uncomfortable or complicated to explain. Tell your children some online activities are safer than others.

The online world is just like the real world. Not talking to strangers at the park is just as important as not talking to strangers in chat rooms. Leaving your toys out for thieves to steal is just like telling someone too much information online. Avoid dividing the real world from the online one. Instead, bring them together by making these types of connections. Children need consistency, and keeping the rules consistent for on and offline activities will help them understand the dangers of both.

Being honest about cybersecurity also means pointing out the good things about online activities. Keep a balanced outlook. Emphasize they need to be cautious but enjoy the internet. It contains wonderful things to help them grow, socialize, and learn. As they learn better online habits, they will feel safer, confident, and in control. Honesty is the best policy.

Use your creativity

Cybersecurity concepts like online identities and malware are abstract concepts. Use examples and analogies that children can relate to. For example, use the analogy that computer viruses work like biological viruses. Explain how one “sick” computer infects another. Personal identities are unique like our fingerprints. Stealing someone’s identity is like dressing up like that person for Halloween so you can steal all of their candy. Find creative ways to relate cybersecurity concepts to their everyday life.

Build trust

Your child may assume your concerns are more about spying on their online activities rather than looking out for them. Reassure them you won’t get upset if they accidentally click on something they shouldn’t or if their device gets a virus. Overreacting will likely cause resentment, anxiety, and rebellion. These are all counterproductive to building good habits and trust.

For teenagers, be consistent about your concerns. Make it just as much about protecting devices and information as it is about who they’re talking to online. For small children, reinforce the notion that cyberthieves are tricky, but you can beat them by following the rules.

Go online together

The best way to teach a child something is to show them firsthand. Go online and search for a term that interests them. Then explore the results looking for good and bad websites. Take a tour of the browser’s interface. Point out the address bar, bookmarks, extensions, and the search results. Show them how to close an internet pop-up ad and what to do when they can’t find a close button.

Websites come in different flavors when it comes to data safety. Some talk with your browser using encryption and some don’t. Encryption keeps your data safe. Encrypted sites begin their URLs with “https:”. Unencrypted ones have “http”. Browser extensions like HTTPS Everywhere identify unsecure websites from secure ones automatically.


Together with your child, open their favorite app and explore its social and/or messaging features. Explain what to do if they receive a message. Show them how to respond to in-app purchase and pop-up ads. If you feel your child isn’t mature enough for messaging, check to see if the app allows disabling the feature.

Identify appropriate vs inappropriate information to share

Parents know small children are open books — freely sharing information you’d rather they just keep to themselves. So use cybersecurity education as a way to establish good and bad sharing practices.

Provide your children with examples of information that are safe to share online and some that aren’t. Even if they don’t have their social security number memorized, they can still reveal their address, their birthday, or their mother’s maiden name to a cyberthief posing as an online friend. Tell them sharing online is like sharing in person. Ask them what’s safe to share with a stranger and what’s not. The same rules apply.

Even small pieces of information like the dates of an upcoming family vacation could lead to a home invasion and physical theft of your devices. Cybercriminals now use botnets to read smart electric meters and determine when the home is empty, so giving them a heads up on when you’ll be away from home only makes their jobs easier.

Reinforce the need to be skeptical of anyone your child communicates with online. Cybercriminals befriend people on social media to gain their trust and get information. With that information, they can take over the victim’s account or steal their identity. Good information sharing habits help kids avoid these threats.

When discussing shareable information, practice what you preach. Often parents can be just as open with personal information as children. It’s tempting to spread the knowledge of your newly arrived baby, but exact details like time of birth, hospital, and your child’s full names can give cyber thieves a head start on discovering their SSN. Using your maiden name as a security question answer makes a hacker’s job easier.

What you share online about yourself and your children also teaches them what’s appropriate and inappropriate, so practice what you preach when it comes to sharing online. Your children are watching.

Use online resources

Another effective way to teach children about online safety is using online resources. Internet safety websites like the Federal Trade Commission’s OnGuardOnline has security tips, games, and other online learning resources for parents and guardians. Other sites use videos, quizzes, and other activities to teach cybersecurity basics to children.

Know the cyberthreats for children and teens

Knowing cybersecurity basics gives you the foundation for building a protection plan for you and your family. Now it’s time to get familiar with online activities, apps, and websites specific to children and teens.

Anonymous sharing

Over 75 percent of surveyed parents viewed anonymous sharing as “somewhat unsafe” or “very unsafe”. It’s a legitimate fear. Although anonymous sharing can promote healthy and open expression for users, it can also make it easier to overshare information

Apps like Snapchat allow users to post images and messages that only show up temporarily and then are removed. But nothing on the internet is ever temporary. Cyberthieves and bullies can easily take screenshots and photos of information and images before they disappear.


Popular apps like Whisper keep a user’s identity unknown, while others like Anomo start you off as anonymous but let your change your settings over time. If you tween or teen wants to share anonymously, you might steer them toward apps like After School, which is developed specifically for teenagers and includes resources for counseling, scholarships, and social campaigns.

Before letting your child use anonymous sharing apps, go over what information is safe to share. They should be wary of any messages containing links or attachments, which could contain malware or lead to phishing websites.

Social networks

Social media is changing the way kids socialize and get information. Tech giants like Facebook and Google have developed apps like Messenger Kids and You Kids to give kids safe online spaces to interact socially. The apps filter age-appropriate content and provide parental controls for account creation and monitoring. But they’re not foolproof, and older kids are good at getting around parental controls when they want.

Parental Controls

Many of the same strategies that work to keep inappropriate content from children also work to keep them safe from cybersecurity threats. Keep your kids safe by executing a multi-layered approach to parental controls starting with the devices themselves.

  • Set up parental controls for your devices: Windows and/or Mac
  • Set up parental controls for web browsers. For Chrome, you can create a supervised profile to monitor and block any content they visit. Firefox has many different add-on extensions for similar purposes.
  • Set up parental controls for all of the apps your kids can access. You can set their Facebook privacy setting to “Friends Only” and block specific content for their YouTube channels.

Setting up a multi-layered approach will create redundancies of protection — if one layer of protection fails, the others will still work.

Passwords

You child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages, or create fraudulent ads. Help your kids create passwords for their social accounts. Record the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

  • Find a balance between complexity and memorability. Creating longer passwords makes them more secure, but make sure they’re short enough so your child can remember them.
  • Include numbers and symbols.
  • Use random number and letter substitutions rather than commonly used ones.
  • Initialize two-step verification for apps that allow it.
  • Use a password manager that will do the remembering for you.

Your child’s password is the key to their social media privacy and their account. Keep them safe from cyberthieves by creating a secure password.

Direct Messaging

The majority of social media sites have direct message features for connecting with friends, family, and strangers. Direct messages are popular places for cyberthieves who place links to phishing sites and harmful downloads for kids. Here are the warning signs and how to avoid these schemes:

  • Avoid clicking on messages with an unusual amount of typos and misspellings, wrong subject-verb agreements, or unusual punctuation marks.
  • Messages asking for personal information like passwords, SSN, credit card, or PIN numbers. No legitimate social media site will correspond with its users about these topics through direct message.
  • Be extremely skeptical of messages claiming your account will be locked or deleted unless a specific action is taken.
  • Don’t click links that are mismatched from their descriptions. Hover over a link with your cursor and check the status bar at the bottom of your browser window. Make sure the status bar address matches the intended destination. Both addresses should match for any type of link, whether in direct messages, emails, or browsers.

Practice these cybersecurity habits with your children. Visit sites like scam-detector.com and show your kids common ways cyberthieves spread viruses via direct messages on Twitter, Facebook, and other social media networks.

Email attachments and links

Social engineering is a powerful way for cyberthieves to trick children into infecting their own devices or revealing personal information. Sit down with your kids and show them how you check your emails. Even have them send you one themselves with a message and an attachment like a picture.

Explain and demonstrate how a phishing email works and their telltale signs. Send your child an email with a “bad” mismatched link you made up. Show them how to hover the cursor over a link to reveal its true destination on the web. Most importantly, explain why you never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment.

Video streaming sites

The world of television programs and cable networks, familiar to many parents, has given way to online celebrities and YouTube videos for their children. Everyday, YouTube users watch over 1 billion hours of videos. All of this traffic draws the attention of scammers and cyberthieves looking to hack the system for profit.

For video sites like YouTube, cyberthreats don’t come from streaming videos but from other parts of the platform. While your child can’t get a virus while watching a YouTube video, they can click on a link in the comments section, in an ad, or in a video description and infect your device with malware.

It works like this: Your child searches for a movie on YouTube with their tablet. One of the videos in the search results has the correct title and images for the movie they’re looking for, so they click on it. However, it’s not the movie at all but a short video telling them to click the link in the video’s description if they really want to watch the full-length movie.

They click on the link, which takes them to a website. But now there’s a problem. You need an update to Flash Player before you can watch the movie. “Would you like to download the update?” the site asks. Of course they do, so they click the download link. Now, the iPad has a virus, and your child is upset. They stomp into your bedroom holding the iPad defiantly out in front of them exclaiming, “This doesn’t work!”. They’re absolutely right
Take these preventative measures to protect your devices from infection:

  • Get them familiar with how YouTube works. Show them the problem areas: where the comments section lives, what video ads look like, where links in video descriptions are inserted.
  • Enable YouTube Restricted mode, which will filter out inappropriate content and hacking schemes like the one above.
  • Download the YouTube Kids App and control their content through it. Some features like the comments section can be turned off completely.

Videos will only get more and more popular for both children and cyberthieves. Get ahead of cyberattack trends by educating your children on current threats within video platforms.

Online Video Games

Kids love video games, especially those that let them share their experiences and creations with others. Almost every video game today has some type of social component built in, whether it’s direct messaging or chat. Minecraft and Roblox are just two examples of popular user-generated online games that let kids build worlds and share them with others.


While such games are good for building imaginations and relationships, they’re also the playground for cyberthieves and hackers. Like YouTube, cyberthreats on the websites aren’t the problem. That is, you can’t get a virus just from playing Minecraft, League of Legends, or Roblox. You get it when you leave the game’s website and land on another, and hackers use social engineering tricks like the following to lure kids away:

  • Pop-up ads or chat links offering free coins, avatars, skins, and upgrades. Once clicked the ad or link takes them to a website that requires them to download an executable file. When opened, the program infects the computer with malware designed to steal data, which can include your banking formation and account passwords.
  • Fake login schemes use pop-ups within the game to tell the player they must provide their username and password to continue. Sometimes the pop-up claims the site is “under maintenance” as a social engineering ploy to steal a player’s account and lock them out.
  • Hackers use botnets to send spam and fake ads to millions of players, asking them to visit websites for free stuff. The botnet is designed to run a fraudulent ad scheme, which relies on more views and clicks to make the hackers money.

Here are some tips to help your child avoid phishing scams on video games:

    • If the game allows, set your child’s chat options to “friends only”.
    • Teach your child the “no free lunches” lesson. Drill the point home that if it sounds too good to be true, it probably is. The old adage should be the mantra for any parent warning their child about online “free” offers.

Cyberattacks can rob you of your personal data and your child of their hard-earned accounts. Keep the fun going by teaching your child the common tricks hackers use on video game websites.

Monitor your child’s identity

Identity theft doesn’t just affect adults. Infants and children are at risk of cyberthieves stealing their SSNs and ruining their credit. The Federal Trade Commission suggest parents watch out for these warning signs that your child’s identity may have been stolen:

      • Your child is denied government benefits because they’re being paid to another account.
      • You receive a notice from the IRS saying the child didn’t pay income taxes, or that the child’s SSN was used on another tax return.
      • You get collection calls or bills for products or services you didn’t receive.
      • Your child is denied a bank account or driver’s license

Here are some preventative actions to protect your child’s identity:

      • Run a check for a credit report in your child’s name with the three major credit reporting companies: Equifax, Experian, and TransUnion.
      • If your child has an existing credit report, someone has applied for credit in their name, which may be a sign their identity has already been stolen.
        If your child’s school ever has a data breach, watch their credit scores more closely. Consider freezing their credit reports if you suspect their identity has been compromised.
      • Check your child’s credit report when they turn 16. If there has been fraud or misuse, you will have time to correct issues before they apply for a job or car loan.

Keeping your child’s identity safe is a long-term plan. It may cost a little upfront time and money to prevent your child’s identity from being stolen, but they’ll thank you for it when they’re older … along with all of the other things you do for them.

Protect your devices

Your internet-connected devices are the touch points for your child’s online experience. Tablets, laptops, and desktops allow them to explore, create, and benefit from all the internet has to offer. They’re also the gateways into your personal data and identity, and they’re expensive to replace. Keep your devices malware and cyberattack-free with the following steps:

Avoid non-secure web pages

Non-secure websites don’t encrypt how they talk to your browser like secure ones do. It’s easy to identify websites that are non-secure. They start with HTTP in their URL address. Visit only secure sites that start with HTTPS. The ‘s’ stands for ‘secure’. If your favorite site’s address starts with HTTP, download antivirus protection, create a bookmark for navigating to it, and don’t enter your credentials.

Update your operating systems

One of the best ways to protect your devices is simply keeping your operating system (OS) up-to-date. Hackers love to exploit security holes in operating systems like Windows and Mac, so keeping your OS updated applies any patches these developers have released. You can manually update your Windows or Mac OS or set your system to auto-update for you. Remember, it’s the time between when the update is released and when you install it that your devices are at their biggest risk of infection.

Keep programs and apps to a minimum

Like operating systems, individual apps on your devices also need updating – and for the same reason. Aside from updating them, you should also decide whether you even need them at all. Take inventory of your apps and programs and decide whether you actually need them and how often you use each one. Remember, viruses need executable files to work, so the fewer apps and programs you need to download and update, the fewer your chances of infection.

A couple of programs you will want to give special attention to are Adobe Flash and Acrobat Reader. Both are popular targets for cybercriminals. If you don’t use them, uninstall them.

Get antivirus protection

Downloading and installing a comprehensive antivirus protection software will actually solve many of the problems outlined in this guide. From helping avoid malicious links to managing your passwords, antivirus software will keep your data confidential, your identity safe, your devices virus-free, and your children safe from harmful content.
Many major antivirus protection plans offer free downloads that provide some basic protections.

Cybersecurity is an investment

Like insurance, cybersecurity is something you avoid thinking about until you need it. But when disaster happens, you’re always glad it’s there. Stay ahead of the growing threat of cybercriminals and evolving malware by taking the time to invest in the things that work: educating yourself and your children, practicing good online habits, keeping your devices up-to-date, and getting a comprehensive antivirus software system.

The post Parents’ Ultimate Guide to Cybersecurity appeared first on Panda Security Mediacenter.

Read More

New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities

Controversies around “fake news” sites aren’t just nightly news fodder or political footballs. As it turns out, they’re new additions to the list of parental fears, sitting alongside computer viruses, social media, and online sexual predators.

Parents today aren’t just worried about their kids watching internet porn. Many are concerned their child will read a Breitbart article or watch a video on CNN.

Panda Security’s exclusive analysis of U.S. parents reveals what they fear the most when it comes to websites, online activities, and apps.

  • More than twice as many parents consider right-wing website Breitbart unsafe for children than CNN.
  • 20 percent of parents think CNN is not safe for their kids.
  • 47.9 percent of parents think Breitbart is unsafe for children.
  • 75.9 percent of parents think anonymous sharing is a danger to kids.
  • More parents block Facebook (5.9 percent), YouTube (5.8 percent), Netflix (4.3 percent), than they do Pornhub (2.5 percent).
  • 54.2 percent of parents are most concerned about sexual predators online.
  • 37.1 percent of parents concerned about sexual predators haven’t spoken to their kids about it.

We surveyed 1,000 U.S. parents to determine the websites, apps, and activities that most concern them when it comes to their children.

Parents Are Worried About Some Of The Web’s Most Popular Sites


Of our total sample of respondents, 90.1 percent ranked Pornhub as “Very Unsafe” or “Somewhat Unsafe”. Our analysis also shows some major social media sites as a source of concern for many parents. 47.0 percent of parents view Facebook as unsafe, while Reddit received the same rating from 46.1 percent of respondents.

Video streaming websites like YouTube and Netflix also ranked as concerning to parents. 36.7 percent of parents said YouTube was a safety concern while 15.5 percent also felt the same about Netflix.

Parents also considered news sites like CNN and Breitbart as a threat to their children. 20.5 percent felt concerned about CNN while 47.9 percent reported Breitbart News as somewhat or very unsafe.

For parents who felt “Very Safe” or “Somewhat Safe” towards specific websites, Amazon ranked first with 71.4 percent. More parents said they felt Netflix (69.9 percent) was safer than Wikipedia (65.5 percent).

More Parents Blocked YouTube than Pornhub

Our analysis showed there was a disconnect between parental concern and parental action. We found more parents reported blocking video websites like YouTube (5.8 percent) and Netflix (4.3 percent) than they did porn sites like Pornhub (2.5 percent).

One reason why parents may be blocking sites like YouTube and Netflix more than Pornhub is that parents may consider excessive screen time more concerning and more likely than specific content like pornography. Parents may feel the chances of their children finding/watching adult content too remote for concern, especially if the children are very young.

However, a University of New Hampshire survey of 1,500 internet-using youth between the ages 10 and 17 showed 42 percent of them had been exposed to online pornography in the past year. Of those, 66 percent reported unwanted exposure.

Parents Overwhelmingly Think Anonymous Online Sharing Is Unsafe for Kids


Of the seven online activities we listed, “anonymous sharing” was the online activity most concerning to parents. 75.9 percent reported feeling “somewhat unsafe” or “very unsafe” when it came to their kids and anonymous sharing.

The data suggests app developers need to include better parental controls for monitoring or stopping anonymous sharing activities of children.

Anonymity could factor into the perceived safety of social media sites. While there’s a good amount of safety concern among parents for a social website like Facebook (47 percent), it’s even more for 4chan (58.4 percent)—a site where anonymity is more prevalent.

Social networking was the second most unsafe online activity with 57.2 percent followed by “video sharing/watching” at 56.6 percent. A larger percentage of parents reported feeling concerned about video sharing than reported being concerned about the video sharing website YouTube.

Parents Are Worried About How Their Kids Get News


Our analysis shows 47.9 percent of the total pool of respondents who had heard of the right-wing website Breitbart rated it “somewhat unsafe” or “very unsafe”. That’s compared to 20.5 percent that responded the same to the more centrist Cable News Network. 8.1 percent said they considered both websites a safety concern when it came to their children.

Wikipedia also ranked as somewhat or very unsafe to 12.2 percent of parents. “Fake news” controversies and growing concerns about biased information are threatening the legitimacy of some online information sources like Wikipedia.

Parents Are Very Concerned About Sexual Predators


Of the six options presented, 52.4 percent of parents chose “sexual predation online” as their top online concern for their children. 14.3 percent chose “Maintaining online privacy” followed by “online bullying” at 11.8 percent.

More Than a Third of Parents Don’t Talk To Their Kids About Online Sexual Predation


While 52 percent of parents reported sexual predation as their primary concern, 37 percent of those said they hadn’t spoken to their children about the topic in the past year. Among parents who reported online bullying as their primary concern, a similar percentage hadn’t spoken to their children about the topic, at 33 percent.

For less emotionally and physically dangerous concerns like “Computer Viruses” and “Hidden Fees in Online Apps”, the percentage of all parents who expressed concern, but hadn’t spoken with their children, was even higher (54 percent and 43 percent, respectively).

Among parents most concerned about maintaining online privacy, 44 percent of parents overall hadn’t discussed the topic. The numbers suggest the threat of online privacy and identity theft is being perceived as a similar to hidden app fees.

Cyberbullying Is Being Underrated By Parents As A Concern


Our analysis shows parents biggest fears aren’t reflective of actual prevalence rates. Of the total group, 54.2 percent of parents said sexual predation online was their biggest concern while 11.8 percent said the same for online bullying. Sexual predation is defined as any person using the internet for the express purpose of targeting a minor to perform non-consensual sex acts.

Compared to sexual predation, cyberbullying occurs much more frequently for children. The prevalence rate for sexual predation online is only 13.0 percent. In contrast, a 2016 study commissioned by the Cyberbullying Research Center found 33.8 percent of U.S. high school students between the ages of 12 and 17 said they had experienced cyberbullying. Examples of cyberbullying can include sending threatening or hurtful texts, posting embarrassing photos or video, and/or spreading rumors.

Methodology

Panda Security conducted an online survey of 1,000 U.S. parents.
Our survey was designed to gather from parents four different types of data:

  • Demographic
  • Level of concern for specific websites, online activities, and apps
  • Actions they’ve taken to address their concerns.
  • Their knowledge level of their child’s online activities, friends, and passwords.

We wanted to discover what parents were the most concerned about and what they were doing to address those concerns, either directly (e.g. blocking content) or indirectly (e.g. discussing issues with their children).

Our approach to analyzing the data was to determine if there was a correlation between the level of concern and amount of reported activity.

The post New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities appeared first on Panda Security Mediacenter.

Read More

Is Roblox Safe for Your Kid?

The internet continues to create conflicts for parents who want to give their children the benefits it provides without exposing them to the dangers it harbors. Online videos games are part of that struggle. Staying up-to-date on safety issues helps parents better negotiate the benefits and costs of online gaming.

Parents want to provide their children with the tools for expanding their imaginations. Once it was the humble Lincoln Log set. Now it’s user-generated, multi-platform, immersive online gaming systems. With games like Roblox, kids now have the power to build any world they can imagine and socialize with other players from around the world.

Roblox touts 64 million active players every month, who log on to “create adventures, play games, roleplay, and learn with friends.”

Children put in hundreds of hours playing games like Roblox, and they’re emotionally connected to their accounts — to a level many adults may not consider. When a child’s account is stolen, they’ve lost more than just their username and password; they’ve given up the worlds they’ve built, the items they collected, the avatars they’ve customized, the friends they’ve made and any future plans for the game. It can be devastating.

Given the power and creativity Roblox provides children, the company takes a proactive stance to protect their players from inappropriate content, online hackers, cyber thieves and other internet dangers. Roblox provides resources like in-game moderators, parental guides and content controls to help parents. However, it’s impossible to monitor the activity of so many players.

Hackers can steal player accounts or infect computers with malware, but knowing the common safety issues will help you keep your devices safe and your child’s imagination on track.

Can you get a virus from Roblox?

It’s impossible to get a virus playing within the Roblox platform because the game doesn’t “permit, or have the functionality, to upload, retrieve, or otherwise disseminate harmful executables or malware via its platform,” says Brian Jaquet, the company’s Senior Public Relations Director.

However, while hackers can’t introduce a virus within the Roblox game, they can find ways to get kids to leave the platform where infection or account theft is possible.

Phishing attacks

Pop-up ads or chat links offering free Robox or custom items can lure children to fake phishing websites designed to infect your computer or steal your child’s Roblox account. It’s similar to how phishing attacks work on YouTube. Roblox hackers entice users away from the game with promises of free gifts or Robux, the platform’s in-game currency, if they click a link within a chat message or pop-up ad.

Malware

While on a malicious website, hackers trick users into downloading an executable program having an .exe extension. Once opened, the program infects the computer with malware designed to steal data, which can include your banking formation and passwords.

Stolen Passwords

Phishing attacks can also steal Roblox accounts while on fake websites. Players are prompted to login with their Roblox username and password with promises of free Robux. Their information is then saved and can be used to steal their password. The image below is from a phishing website.


The Roblox community rules clearly state players are forbidden to “sell, trade or give away Robux, digital goods or game codes except through official channels on the Roblox platform.” Players can buy and sell game items, but only as Builders Club members. Sharing outside programs on the Roblox site is not allowed, but it does happen.

Scams

Hackers can also steal from players while on the Roblox platform. These scams commonly use pop-up ads promising free items, but instead of a new weapon or t-shirt, players get their Robux stolen or accounts hijacked.

Fake maintenance

The so-called “Fake Maintenance Scam” is a phony graphic user interface (GUI) that tells users the site is “undergoing maintenance”. The scam is effective because it tricks players into giving away their login information. Younger or newer players, upset at their game’s interruption, are more likely to sign back in without questioning the GUI’s authenticity.


Here are some maintenance guidelines to help children identify when Roblox is actually undergoing maintenance:

  • An orange banner (see above) will appear on the Roblox website warning you before maintenance begins.
  • When the banner changes to red, you won’t be able to play Roblox until maintenance is finished.
  • Maintenance usually occurs when you’re asleep or at school.
  • Roblox will never ask for your username and password anywhere except the home page.

Botnets

Scammers can use “bots” to make money from Roblox players. Bots are automated programs that perform a specific set of tasks. On Roblox, the most common bot task is to create a fake account and message players, asking them to visit a website to get free Robux.

Hackers released thousands of bots or a “botnet” during the 2017 Group Wall Scam. The botnet was sending thousands of players to a monetized YouTube video to increase its number of views.

How to prevent attacks

Here are some ways to keep your little Roblox players and their devices safe.

Enable two-step verification

Two-step verification adds an extra layer of security to your child’s account by requiring an extra step to prove your identity. Any time your child signs in on a new device, Roblox will require you to enter a six-digit security code. For your child’s account, use a secure email address only you can access. Anyone trying to change the account’s password will need that security code.

Create a strong password

Even without phishing scams and fake GUIs, hackers have ways of guessing your child’s passwords using software. Teach your child that they should never write down their password or share it with anyone except you. Follow password creation guidelines to help them build a strong password that’s easy to remember.

Sign out when on shared devices

If your child plays Roblox on multiple devices, like a friend’s or a school’s computer, remind them sign out of their account when they’re done. It’s easy for others to access accounts when they’re simply left open in a browser.

Check the link before you click

You never want your child going to another website from the Roblox platform. If they do, they’re probably somewhere they shouldn’t be. Help them understand that URLs are an address for websites, like the one where they live. Just like they need to make sure they’re getting off the bus at the right stop, they need to check to make sure they’re on the right web address. For the Roblox website, they can look for the roblox.com address in the browser’s address bar. For example: https://en.help.roblox.com.

Set messaging and chat to “Friends”

Control who can communicate with your child through the account’s privacy settings. In the “Privacy” settings tab, users can control who can chat, message, invite and join them in the game. Restrict contact to “Friends” to keep your kid’s interactions safer. They’ll be less likely to encounter a malware link. However, you will still need to manage who their “Friends” are to keep the group safe.

If your child is part of the Builders Club, they can set their group to “Private” to keep out scammers.

Report Abuse and Scammers

Roblox employs moderators to monitor content, blocking inappropriate ads and warning players of scams. But with the game’s large number of users, player interactions, trading systems and user-generated content, it’s challenging to monitor everything.


Encourage your children to report any inappropriate behavior or scams. Roblox makes it easy for them to report others for a variety of abuses, from cyberbullying to posting offsite links. Tell them to find a grown up — either you or a moderator — if they have a bad feeling.

Free lunches

Use Roblox to teach your kids that there’s no such thing as a free lunch. If something sounds too good to be true, it probably is. If someone is offering free Robux or customized avatar t-shirt they’ve been wanting for weeks, it’s 99.9 percent likely to be a scam. The official Roblox trading system has specific rules to follow for exchanging items.

Download a good antivirus software

Antivirus software will protect your devices from getting infected by viruses or eliminating them if you do. There’s no substitute for vigilance, but downloading an antivirus software can eliminate the stress and worry that comes with the combination of children, the internet and digital devices.

As a parent, the last thing you want is to have your child’s social and creative Roblox experience end up as a bad memory. There’s more at stake than just a video game. Friends, digital worlds and hours of play can be stolen alongside usernames and passwords. Taking a little time to educate your kids about the real world can go a long way in keeping their digital one safe.

The post Is Roblox Safe for Your Kid? appeared first on Panda Security Mediacenter.

Read More

GDPR offers new protections for young adults

pandasecurity-MC-GDPR-adults

From May 2018, a new data protection law – the General Data Protection Regulation (GDPR) – will come into force, designed to better protect the privacy of European citizens. GDPR gives consumers a number of rights over the personal data that companies collect, and forces those businesses to better protect the information too.

If a company does breach the GDPR, penalties can be quite severe. For the most serious incidents, fines could reach €20m, or 4% of their global revenue. For a company the size of Google or Apple, that may be billions of Euros.

Here’s what GDPR will mean for young people.

A right to be forgotten

Modern companies collect a lot of personal data that is used to help them design new products and services, and to create marketing messages tailored to your preferences. Under existing laws, this data can be held almost indefinitely so long as it is used properly.

The new law gives back control of personal data to the individual. Under GDPR you will have the right to contact any company and ask them to delete any of your personal data that they hold. The company then has 30 days to remove all trace of you from their systems.

Say you decide to leave Facebook. Currently you can “delete” your account, but all the posts and photographs you’ve ever uploaded are kept (and used) by Facebook – it’s just not publicly available. Once GDPR comes into force, you can ask Facebook to delete this “invisible” data too, leaving no trace you were ever a member.

Marketing opt-out

Typically, websites do offer an opt-out for marketing telephone calls and emails when you register. Hidden away at the bottom of the sign-up form will be some checkboxes that need to be ticked or unticked to indicate you don’t want to receive advertising.

Sometimes simply accepting the Terms of Service (the long, legally complex page that most people don’t read) is accepted as confirmation that you do want to receive sales calls. Your consent is implied by the company.

GDPR demands that consumers give explicit consent to having their personal data used for marketing. If you don’t click the relevant permissions box, the company cannot contact you for sales purposes.

Deleting childhood social media posts

Although GDPR is being implemented by every EU member, each state is permitted to make additions to the regulation. In the UK, young people will gain an additional right. From May next year they will be permitted to ask social networks like Facebook, Twitter and Instagram to delete any updates posted before their 18th birthday.

Because many young people share inappropriate content without fully thinking through the implications, they may be making it harder to find a job. This is certainly the case where employers routinely check the social media history of applicants.

With the right to request these embarrassing/rude/stupid be removed, young adults may be spared their blushes – at least when it comes to what they do outside the office in the evenings.

Obviously teenagers and young adults should still be trained to use social media properly, but GDPR offers one final chance to remove their most embarrassing and immature thoughts from the public arena.

The post GDPR offers new protections for young adults appeared first on Panda Security Mediacenter.

Read More

Your Roomba wants to sell your home’s map

Earlier this week iRobot CEO Colin Angle shared with Reuters that the data collected by iRobot devices (such as Roomba) over the years may eventually be shared with third parties. Even though iRobot’s robotic vacuum cleaners are not as smart as R2-D2, some of the high-end models, such as the $900 Roomba 980 robotic vacuum cleaner, are known to contain sophisticated technology that maps and records information about users’ house floors. There is nothing wrong in having a smart device which does the vacuuming instead of you, but what raises some questions is the fact that the information these devices are collecting may one day be shared with the world.

In the interview with Reuters, Colin Angle mentioned that “there’s an entire ecosystem of things and services that the smart home can deliver once you have a rich map of the home that the user has allowed to be shared.” What we believe he has in mind is the fact that technology giants, as well as the government, might be able to find the data collected by iRobot devices beneficial.

What happens with the information collected by Roomba?

For example, such information can help marketers determine what items are “missing” from your household. If the floor map shows there is no couch in the living room, you may end up seeing a whole lot of seating furniture advertisements. You may also get flooded with toddler related products should the algorithm integrated into your smart vacuum cleaner determines you have a young fella running around your house frantically displacing stuff. There are various reasons the government may want to have access to such information too. When such info starts being passed around in most cases it becomes more accessible, which raises concerns as it may be used by hackers and potential crime doers. The more you share, the easier it will be for cybercriminals to find holes in the system and know more about you, your behavior and your belongings. This is a bit scary, isn’t it?

And before you toss the hardworking poor little Roomba away and replace it with an entirely secure broom, we wanted to highlight the fact that in the very same interview Angle confirmed that as of now, iRobot had not formed any plans to sell data. This does not mean it will never happen but highlights the fact that it may occur in the future.

So, do we have to worry about the safety of a vacuum cleaner?

Of course, we have to! Whether it is a vacuum cleaner, a car, or a TV … Everything that is connected can be a risk. All these devices collect a lot of information about us, our lives and our privacy. If that falls into bad hands, we should be very worried. It would be good to know if the data collected in the “roombas” travel safely and if the vacuum cleaners have security systems capable of dealing with infections or attacks as nowadays is not unreasonable to think that someone may want to take advantage of the information they contain (for example, a detailed map of your house, where are the jewels, the safe …).

For example, when it comes to personal computers or mobile phones, users can often discover a malware infection by noting that their device does not work as it should or because they have an antivirus. But in the case of vacuum cleaners or other devices connected to the Internet, without comprehensive protection, how can we know? At the moment there is no way to know if they are infected or not and can go unnoticed for long periods of time.

“Manufacturers should at least, eliminate unnecessary network services and include ways to control security and easily or automatically fix security vulnerabilities in their products. Consumers should take the same security measures with their computers or mobile phones as with all the devices they have at home connected to the Internet. Comprehensive protection systems are the best option to safeguard the security of all the devices we have at home. “Adds Hervé Lambert, Global Consumer Operations Manager at Panda Security.

There is so much technology around you that privacy no longer means what it used to, to improve their services, some companies such as your wireless carrier, for example, collect data about your behavior. Such monitoring not only helps businesses sell you more stuff but also in some cases keep you safe and improve your lives. The information companies gather from their customer base help R&D teams develop better and more appealing products. The more companies know about you, the easier it will be for them to provide you with solutions that improve your life. The only problem is when such information ends up in the hands of the wrong people, this is why it is important to always have a second layer of security –  tech giants such as Amazon, Apple and Google are not insured against cyber theft and the real victims after successful cyber-attacks are usually the average people.

So briefly, there is nothing wrong with sharing the maps with third parties, as long as the process is well regulated and there is transparency in how such sensitive information will be handled and secured.

 

The post Your Roomba wants to sell your home’s map appeared first on Panda Security Mediacenter.

Read More

Is Youtube Safe For Kids?

It can be surprising for parents that someone like Pewdie Pie has a net worth of millions of dollars, or that watching someone else play videogames is a billion dollar business thanks to streaming companies like Youtube. The types of videos that young children gravitate towards often surprise us, as the trends are constantly changing. To avoid any nasty shocks or surprises though -for you and your kids- it’s important to have adequate parental control in place.

Surely your kids won’t mistakenly find inappropriate content on websites like Youtube?

Sadly, this is not the case. A recent piece by Gizmodo’s Spanish website has highlighted the huge amount of videos on Youtube that parody kids’ cartoons. Series such as Peppa Pig and Dora the Explorer have been hijacked by comedians who give the show an adult theme that wouldn’t be appropriate for the original show’s target audiences. Judging by the thumbnails, some of these could easily be mistaken by a child for the real thing.

Even well intentioned amateur copies of shows that are still aimed at kids may not be great for the young ones. Remember that shows like Peppa Pig are specifically written and created with the help of child psychologists and pediatricians that understand the subtleties of how a child’s mind works.

Some of the adult-themed parodies have clear warnings at the beginning of the video, but this is not the case with all of them. What can we do though? Clearly blocking Youtube on our children’s devices is not a viable option, as so much of the content on there is great for the kids.

Youtube Restricted Mode

Youtube Restricted Mode, though not foolproof, is good place to start. When watching any video, scroll down to the bottom of the page where you’ll see several options like “language”, “content location”, “history” and “restricted mode”. After clicking on “restricted mode” simply press “on” and you’re good to go. Youtube itself warns that “no filter is 100% accurate, but it should help you avoid most inappropriate content.”

The Youtube Kids app also does a pretty good job of filtering out bad content for kids. Google, who own Youtube, have also been keen to stress that it is a signed-out experience. The app doesn’t collect any personal data. However, a watch history is kept to recommend shows for kids, a controversial issue that raises the possibility of targeted ads. Something we definitely don’t want for our three year olds.

The post Is Youtube Safe For Kids? appeared first on Panda Security Mediacenter.

Read More

Cyberbullying and “13 Reasons Why”

How “13 Reasons Why” can help fight cyberbullying

The Netflix TV series 13 Reasons Why has become a worldwide smash hit with teenagers drawn into the tale of a teenage girl’s suicide. Dealing with powerful issues like sexual assault, drugs, bullying and of course, suicide, the program has won praise from critics and viewers alike.

The dark, adult tone of 13 Reasons Why makes the series unsuitable for younger teens (in some countries it has been given an adult rating by film classification boards), and some have criticised the way in which suicide has been portrayed as inevitable. Some schools in the UK have even sent letters to schools in an attempt to make parents aware of the program, its contents, and to prompt discussion between parents about suicide and bullying.

Cyberbullying enters mainstream consciousness

As these letters from schools show, many parents are not fully aware of online bullying and the effect it has on young people. Although trolling often hits the headlines, the use of social media to attack, shame and humiliate children and teenagers tends to be less openly discussed.

13 Reasons Why not only mentions cyberbullying, but goes into detail about how one student – in this case the protagonist, Hannah Baker – is singled out by her classmates. Initially a false rumour is circulated about Hannah’s sexual activity with someone she meets at a party. The show also covers sexting – an intimate photograph is shared widely around the school, further shaming Hannah who never intended for the picture to become public.

As the story reaches its climax rumour, innuendo and lies circulate on social media, adding to the pressure Hannah feels with tragic consequences.

Important talking points for parents

The letter shown above is correct – the issues raised in 13 Reasons Why are important. They should be discussed with teens to help them avoid some of the situations Hannah finds herself in.

Social media bullying

Social media platforms typically require users to be at least 13 years old, but many parents allow their kids to set up accounts early, lying about their age in the process. Despite the pestering of their children, they should hold off until the minimum age is reached.

You should also consider using content filters to prevent access to age-restricted sites by your children until you are sure they are old enough to manage.

Reporting mechanisms

Every social network has tools built in to report bullying, trolling and other forms of abuse. You should help your kids set up their social media accounts, showing them how to use each network responsibly and safely. You must also show them where to find the abuse reporting tools, and how to use them, so they are prepared should they ever become a victim of cyberbullying.

Sexting

Sharing “intimate” pictures between teenagers is distressingly common – and few realise just how risky this behaviour is. As Hannah discovers in 13 Reasons Why, these photos can become public very quickly if someone decides to re-share them. Your kids may find themselves victims of bullying, harassment and unwanted sexual advances.

Use this opportunity to discuss the risks with your kids – and why they must never send “sexy” pics to their friends.

Parenting and personal security

Keeping your kids safe online – and avoiding some of the disastrous consequences discussed in 13 Reasons Why – relies on strong parenting and applications that help. As well as discussing sexting, cyberbullying and suicide with your children, consider downloading a free trial of Panda Global Protection to reinforce the rules and protect them from the darker corners of the internet. With Panda’s Parental Control feature you can decide if you prefer to block inappropriate content (pornography, drugs, weapons…) or just monitor their online activity and be aware of what they do online and what they look for. This can be very useful to find out if they are having some kind of problems (anorexia, bullying, etc.).

The post Cyberbullying and “13 Reasons Why” appeared first on Panda Security Mediacenter.

Read More

Eight everyday security tips for the whole family

family-EN

From the youngest to the oldest in your household, every member of the family uses the Internet and apps to inform, entertain and maintain contact with their loved ones. This Sunday, May 15th, is International Day of Families and to celebrate, here are some basic tips to keep your family safe while navigating the web.

Updates

Make sure that your operating system and programs or applications are updated properly. Manufacturers often fix vulnerabilities that are appearing, but the only way to make sure your software is “patched-up” is by using the latest version.

Email Attachments

If you get an email that looks suspicious, do not open it until you are sure that the sender is who he claims to be. If you receive unknown messages, do not download the attachments! Even those documents that appear harmless (such as a Word or a spreadsheet) can hide malware. A simple photo might not be what it seems.

Public Wi-Fi

Prevent connecting to public Wi-Fi networks.  Any cyber-delincuent  could use the network as a trap to access your device and steal your information.  If you must use a public network, you should follow these basic security tips.

Online Shopping

While searching for the “best deals” online, we can end up on some unreliable and unknown websites.  Stay away from them! Always verify that the website address matches the webite you are trying to access and that it starts with “https”.  If you always buy on reputable website you will avoid greater evils.

Social Networks

Do not accept friend requests from strangers or allow your children to do so. Try not to share your personal data (like your phone number or address)across platforms like Facebook, Twitter or Instagram, because you can never be certain who is on the other side or spying your conversations. It’s better to be safe than sorry.

Anti-virus

A good anti-virus is the best barrier that you can put between your computer and possible cyber-attackers. Each day, new vulnerabilities are discovered. Only the security experts are aware of them and can update the protection measures when there is a threat.

Parental Control

There are always threats on the network targeted towards young internet users.  Educate the children in your family about proper internet usage and how to recognize unusual behavior.  Teach them what they should do in a difficult situations and always install a good parental control system, like Panda solutions.

Keep Them Little

It is normal, if not inevitable, that your children use social networks or messaging programs like WhatsApp, Snapchat, and Facebook Messenger to speak with their friends. These services can be beneficial or entertaining, but are not 100% danger-free.  Beware of cyber-bullying and the danger-strangers that lurk behind the disguise of a screenname. And for those older members of your family, you should educate them about the dangers of sexting.

 

The post Eight everyday security tips for the whole family appeared first on Panda Security Mediacenter.

Read More

Cyber-crooks can use your wireless mouse and keyboard!

wireless-keyboard

Remember how the problems you had with the nightmare of tangled cables going in and out of your computer went away the day you discovered wireless devices? In fact, you swore never to touch a wired device again after buying a keyboard and mouse capable of communicating with your computer without needing to be physically connected to it. You even went as far as to replace your laptop’s touchpad with a mouse that communicates with your computer via a small USB connector as if by magic.

Well, we have news for you: A group of security experts have discovered that these devices, as convenient as they are, are not very safe. Cyber-criminals can take control of users’ computers remotely by exploiting flaws found in wireless keyboards and mice from seven major manufacturers (Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo).

The security hole affects millions of devices that use chips sold by the Norwegian firm Nordic Semiconductor. These chips allow devices to establish a short-wave radio communication with the target computer. Although these chips are capable of encryption, they require that vendors write their own firmware to implement that encryption and secure the connection between computers and peripheral devices. However, many companies don’t take the precaution to encrypt those communications.

And even if they did, it wouldn’t be much use. The companies that do encrypt their communications do not properly authenticate communicating devices, allowing rogue devices to inject unencrypted keystrokes over the same connection. Actually, the security experts that unveiled this vulnerability found several flaws in the firmware of the keyboards and mice that use those chips.

crazyradio-usb

A simple and affordable USB adapter with an antenna and a laptop was all they needed to demonstrate that it is possible to interfere with the radio protocol used by these devices to communicate with their USB dongle and send commands to the target computer. To do that, the target computer must be relatively close to the antenna, although they have been able to control Lenovo wireless devices from 180 meters away.

So, any attacker that used the method discovered by these researchers could take over a computer without laying a finger on its mouse or keyboard. The commands sent by the hacker would be interpreted by the computer as coming from the legitimate device.

Now, what could an attacker that took advantage of this flaw actually do on the affected system? Nothing much, really. Even if they managed to access the targeted computer, they wouldn’t be able to see its screen, so even unlocking the computer would be a difficult task not knowing the relevant password.

According to these experts, if the computer were actually unlocked, the cyber-crook would be able to download malware that could allow them to take full control of the computer.

However, the attacker would only have the same privileges as the legitimate user. If the computer were in an office, for example, they probably wouldn’t have the necessary permissions to install malicious programs on it.

keysweeperA Logitech spokesperson has already claimed that the “vulnerability would be complex to replicate” and “is therefore a difficult and unlikely path of attack.”  Despite that, the company has decided to develop a firmware update for the affected devices.

Similarly, Lenovo has announced that it will give users the option to replace the affected devices.  Microsoft, however, has simply stated that it will only launch an update as soon as possible.

This is not the first time that researchers warn of the dangers of wireless keyboards and mice. Last year, renowned security expert Samy Kamkar developed Key Sweeper, a keylogger hidden in a fake USB charger that logged the keystrokes typed on any Microsoft wireless keyboard.  With the help of an Arduino board, anyone could develop this keylogger software and find out what others were typing.

This research is extremely significant as it demonstrates that millions of devices are vulnerable. Taking into account that it may encourage cyber-criminals to start doing some tests, it may be a good idea to start updating your devices’ firmware whenever possible, and even replace vulnerable keyboards and mice with wired peripherals or, better still, wireless devices that communicate with computers via Bluetooth.

Bear this in mind, however: as cyber-crooks need to be close to the target device to carry out this attack, it seems logical that they set their eyes on companies rather than home users. But don’t lower your guard: prevention is better than cure…

The post Cyber-crooks can use your wireless mouse and keyboard! appeared first on MediaCenter Panda Security.

Read More

Honey, they’ve hacked the TV: The security callenges facing Smart TVs.

remote control

If Facebook and many more Internet platforms are capable of showing personalized ads on your computer according to your online behavior, why shouldn’t the same be true for our smart TVs? Paul McMillan, a German security expert, has proven that smart TVs are so smart that they can analyze the programs or films that you watch so as to be able to choose ads that might interest you.

McMillan realized this while watching the film Inglorious Basterds on his Samsung device. A few minutes after starting, a pop-up appeared which invited him to join the army.

It isn’t the first time that someone has reported that these intelligent devices display publicity adapted to each user. However, to know their preferences, they need to analyze videos that are watched every day. So will they install a system to recognize the different content being watched?

The German investigator wanted to check if the ad continued to be shown despite changing the origin of the video. He used the same platform (via Amazon), but connected his computer to the television and watched the film from there. The pop-up returned again, meaning that the process depending on Samsung and not on the content provider.

Consumer Reports, which tests and analyzes new products, has already warned that smart televisions use an automatic content recognition system, which monitors videos that are watched, be it from YouTube or on DVD.

The companies could be sending this information to third-parties, which could include consultancy and publicity firms, who are both very interested in creating personalized advertising.

In general, it’s not businesses such as Samsung or LG who do this sneaky surveillance. What they do with user information should appear in their use and privacy policy, although they know that not many people bother to read it, and those that do most likely won’t understand a lot of the jargon. With these documents, companies leave open the possibility to insert ads directed at every type of audience.

However, the audience doesn’t need to accept everything that is thrown at them. Samsung has already faced complaints over its supposed use of voice recognition systems on its TVs to spy on conversations. In its service conditions, it stated that user should be careful with their words, as this and other information was being shared with third-parties.

smart tv

At the start of 2015, Samsung began to show Pepsi pop-ups on applications for streaming videos. The company brushed this off by saying that the ads formed part of a collaboration with Yahoo and that they were optional. The customer could disable the ads in their settings, but Samsung had previously failed to advise anyone of this.

In the case of LG, a British developer discovered that its smart TV collected information about user habits via the “smart ad” function and saved this information on the company’s servers (something which also appears in its terms of use).

Vizio, a manufacturer what operates mainly in the USA, also admitted that its televisions can recognize the content of the screen, which in the future could be used to send “ads in line with your interests”.

All of these firms earn money in exchange for advertising, which in turn allows them to sell their products at a more competitive price. However, their practices have placed security experts around the world on alert.

Nobody has asked their customers, whose only option (until now) seems to be in looking through the TV’s settings to find how to disable the ads. Will there be an ad blocker for smart TVs in the future?

More | Smart TVs have become the new target for cyber criminals

The post Honey, they’ve hacked the TV: The security callenges facing Smart TVs. appeared first on MediaCenter Panda Security.

Read More