Internet Safety Month: How to manage your child’s online presence

Internet Safety Month: How to manage your child’s online presence

Posted: June 28, 2018 by 

When you hear the term “reputation risk management,” you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow off.

As companies grow, so grows their public reputation. Heading potential PR disasters or credible crises off at the pass can keep organizations from losing revenue, confidence, and trust from their clients. Suffice it to say, putting your best foot forward and keeping it there is crucial.

Now, here’s a thought: If businesses know they have much to lose if their reputation is threatened, shouldn’t parents and guardians also consider that their children can lose out if their digital footprint is at risk?

To cap off Internet Safety Month, we’re going to ditch the buzzword in favor of a phrase that parents, teens, and young kids can easily grasp: You must manage your online presence. Before we delve into how parents and guardians can take charge, it is crucial that we first understand one thing when it comes to having a digital life:

Your online presence is your online reputation 

Our digital footprint starts the moment we or someone we know shares something about us online. This could be a solo or group photo, a Facebook status update, or a name mention in a Tweet. Even those who claim to be inactive on the Internet can still have an online presence, thanks to other people in their lives.

Our footprints don’t stop at our first “Hello, World!” though. The more we use the Internet, and the more we’re included in other people’s social media feeds, the more of our footprints are left for anyone online to see. These marks we leave behind can be collectively referred to as our online presence. How we present ourselves to and conduct ourselves in the digital world affects how people perceive us online—now and in the future.

Having an online presence, whether it’s a positive on negative one, affects our reputation—online and in the real world. If “Jane Doe” is known to exhibit behavior tantamount to bullying in a forum she frequents, she already has a bad reputation in that community. Who she is and how she behaves in that community can also spill over to other online forum communities as well.

There are consequences for bad behavior online. She may be blocked from those communities. Or worse, someone may Google her name and become aware of her bullying behavior online. She could feel the impact of her negative actions in the workplace or beyond when coworkers or friends become aware that Doe is engaged in bullying in forums, they can assume that she has the tendency to bully people in real life as well.

Leaving only negative digital footprints online, then, has no longer become an option.

What you can tell your kids to manage their online presence

“Google yourself.” Maybe it has been a while since your kid started using the Internet, or you and your child are just curious of what might come up. (Hint: type your name in quotes) Either way, it’s advisable to look up where your name, public posts, and/or photos end up every now and then.

If your child has a common name, you can further add modifiers (like the school they go to or city/state/town you live in). Just run many searches with varying modifier combinations and see what comes up. As for photos, you can use Google’s image and reverse image searches. To do the latter, go to the Google Image Search page and click the camera icon in the search bar. You can then paste the URL of an image you have of your child (in the first tab) or drag-and-drop to upload their picture (in the second tab), so Google can crawl the web in search for other copies of the one you just provided.

Google Image Search page processing the image you uploaded for reverse lock-up

Other things you can use to search for are email addresses, social media usernames, and phone numbers. You can also set up Google to alert you if other information about your child (like their name) pops up on the Internet at some point in the future.

“Watch out for information you don’t want made public.” It’s possible that you may have already stumbled upon a few pieces of information or pictures you or your child may not want online, or at least visible to the public. This information may have been put up years ago or yesterday.

Posts can be easily removed on sites you or your child can control, such as Facebook and Twitter. But for third-party sites, it may need a bit of legwork. For copyrighted material such as photos, you can contact the site owners and reference the Digital Millennium Copyright Act (DMCA) [PDF]. As the parent or responsible adult, you may also need to contact each website that has information about your child that you don’t want there.

It’s also time to review those security and privacy settings of your child’s accounts to see if there has been a policy update or if you need to modify additional settings.

Read: Internet Safety Month: How to protect your child’s privacy online

“Start cleaning up your online act.” A good starting point will be teaching them good computing and Internet practices, if you haven’t already. We have various references of how one can do this here on the Malwarebytes Labs blog. So to avoid reinventing the wheel, below are the links you may want to visit and read up on:

The work doesn’t stop here, though. Parents and guardians should also put great emphasis on kindness, understanding, and patience when they treat or deal with other Internet users. Hiding behind the screen shouldn’t merit one to forgo these values.

Lastly, impress in them the idea of thinking first before posting anything. Online, it’s easy enough for anyone to misconstrue what one is trying to say because cues like facial expressions and body language are non-existent. A flippant joke or a sarcastic remark could start a flame war. Even an innocent post can sometimes get someone else in trouble.

“Deactivate/Delete accounts you’re no longer using.” This may seem obvious, but at times, accounts that are no longer used are left active for an indefinite and extended period because your child may have decided to use another account, or wholly avoided people in a particular online community. The latter is one of the best reasons why your child’s account should be deactivated. This is especially helpful if, for example, your child was caught in a crossfire between warring parties and one group started targeting him or her via that account. Save everyone the headache (and the insanity) and deactivate the account.

In a perfect world…

…every Internet user would be sharing all of their achievements, and everyone would be applauding. Every Internet user would be encouraging everyone who needs encouraging. Every Internet user would be honest, civil, and tactful. Every Internet user would be sharing photos of only their best, wholesome selfies, their cats, and funny GIFs.

But this isn’t a perfect world. Someone will always say something that another may find offensive. Someone will put someone else down, talk in Caps Lock, and share photos of their wild partying or of a drunk friend who passed out on a sidewalk. In the end, realize that there is data online about someone that puts them in a bad light. Your child may not be exempted. So help them take control and guide them on how to be more responsible with what they share now and in the future.

Good luck!



Malware Intelligence Analyst

Technical writer, researcher, and marketing fellow fascinated by psychology, architecture, and supercars. A habitual night owl.

Internet Safety Month: How to manage your child’s online presence

Tips for safe summer travels: your cybersecurity checklist

Tips for safe summer travels: your cybersecurity checklist

Posted: June 8, 2018 by 
Last updated: June 7, 2018

Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your devices and your data while you’re away? Here are some things to take into consideration if you want to have a trip free of cyber worries.

Before you leave

Some of the things on your cybersecurity checklist can be taken care of before you leave. They include the following:

  • Make sure the operating systems and software on all the devices you are going to take along with you are up to date. Having to install updates while you are on the road can be a pain due to slow and unstable connections. Use your at-home Wi-Fi, which you know is secured with a password. (Right? If not—do that right away.)
  • You may want to take precautions to secure devices that you’ll be leaving behind in your workplace and home. If a burglar gets hold of your desktop, they should not be able to harvest any valuable data. All devices should be password protected (including the ones you are taking along with you).

  • Back up the valuable data on the devices you are bringing so that if you lose them, it won’t be a double disaster.
  • Do not announce the dates of your upcoming travel plans on social media. That’s a great way to alert criminals to case your house and break in during the time you’ll be gone. Post your travel pics when you get back. They will still be cool.
  • Disable the auto-connect options shortly before you leave and have your devices forget the network SSIDs in their lists. Threat actors can abuse these features for man-in-the-middle attacks.
  • If you have contactless debit and credit cards, get shields in which to store them so you can carry them around without leaking information.
  • Think twice about bringing a multitude of devices. The chances of anything getting damaged, stolen, or lost are much higher when you’re on the road.
  • Make sure your travel insurance covers all the devices and any other valuables you plan to take along.

While you are traveling

Travel plans can range from road trips to a nearby camping spot to flights to five-star beach resorts. Because of the wide range of travel options, some of the following advice may or may not apply:

  • If you park your car at the airport, obviously make sure no valuable devices are left behind. This is also a good time to disable the Bluetooth of your phone, because the car is probably the only useful Bluetooth connection you need. And when Bluetooth is off, it can’t be abused.
  • Airports and other waypoints on your travels will often offer public, free, and unprotected Wi-Fi. Consider the risks associated with them when you use them, or use a VPN to enhance the security by encrypting your connection.
  • If you need to use Wi-Fi at your hotel, make sure their connections are secured with passwords. And if you need to access sensitive material for work, set up VPN on your laptop beforehand.

  • Privacy screens make sure that only the person sitting straight in front of the screen can read what is on it. This can stop people from secretly watching what you are doing. Good privacy screens are easy to apply and are available for laptops and many handheld devices.
  • Don’t use public computers for sensitive Internet traffic. This certainly includes online shopping and any other financial transactions. While you are traveling, it’s safer to spend money at your destination instead of online.
  • If you use webmail to read your mail when you are away from home, keep in mind that this may be less secure then reading the mail in your favorite email client. Some webmail services have html enabled by default.
  • Use a fully updated anti-malware solution for all your devices. Malwarebytes has solutions for many operating systems and types of devices.
  • Since you may not want to take your laptop and every other device with you as you go sightseeing, make sure there is a safe place to keep the items left behind. Not every hotel safe is big enough for a laptop. Ask your hotel concierge if they have other options for securing devices. Simply leaving them behind in your room is not the safest move.

If you travel abroad

Some extra attention to detail may be required when you travel abroad.

  • Make sure you leave your country with the devices fully charged. You may need to use them for a while before you get another chance to re-charge. It may require different cables, power plugs, and adapters to charge your devices at your destination or checkpoints along the way. Come prepared.
  • Not only the US, but also some other countries will look at your social media accounts to find any information that could make you a less welcome guest. It might be prudent to remove any questionable comments to thwart further investigations.
  • If traveling into the US from abroad, be prepared that you might be asked to hand over your device and your password to get in. Make sure there is nothing to be found on it that you don’t want to be found.

When you get back

Back home safe and sound? Don’t rest yet. Check a few more things and then you can start posting online about your relaxing, fun, and incident-free vacation.

  • Update your anti-malware solution and run manual scans on your devices to check for any uninvited guests you may have picked up on the road.
  • If you bought devices abroad, check them for compliance and whether they are compromised. In some countries, devices are sold with monitoring software pre-installed.
  • Check your bank account for any unexpected withdrawals or spending. Warn your bank or credit card provider if you suspect foul play or if you have lost sight of your credit card at some point. it’s especially important to do this if you suspect your login credentials may have been stolen.
  • As an extra precaution, you may want to change the passwords that you used during your time away. If someone managed to get ahold of one during your trip, you’ll stop them from doing any damage with a changed password.

Don’t let all this ruin the fun

While most of the things mentioned above are precautions we (should) take every day, they are not the first ones that come to mind when you are planning that awesome trip you have worked for all year. But as always, it’s better to be safe than sorry.

Recommended reading: 7 tips to stay cyber safe this summer

Safe travels!


Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Tips for safe summer travels: your cybersecurity checklist


HTTPS: why the green padlock is not enough

HTTPS: why the green padlock is not enough

Posted: May 9, 2018 by 

When goods get sold in large quantities, the price goes down. This might not be the first law of economics, but it’s applicable. An extrapolation of this is that if there are practically no production costs and no raw materials involved, prices of such goods will drop to zero. Usually, they will be offered as free gifts to promote the sale of other, more costly goods.

Something like this has happened to SSL certificates. They are offered for free with web hosting packages by several companies, including those that don’t do a thorough check into the identity of the buyer. Better said: They couldn’t care less who buys the package as long as they pay the bills.

So, while users can now expect to see the green padlock on every site, especially the ones where they make financial transactions, the trust that we can put into the underlying certificates is going down.


To clarify what we are talking about, let’s have a look at the definitions of the protocols we are about to discuss.

Hypertext Transfer Protocol Secure (HTTPS) is a variant of the standard web transfer protocol (HTTP) that adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection.

Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the Internet.

Transport Layer Security (TLS) replaced SSL when it was deprecated, but TLS is backwards-compatible with SSL 3.0.

So, basically TLS is a computer networking protocol that provides privacy and data integrity between two communicating applications. It’s used for web browsers and other applications that require data to be securely exchanged over a network.

PayPal CA Symantec

The green padlock

So, where does the green padlock come into play? The green padlock simply means that traffic to and from the website is encrypted. A certificate, provided by a certificate provider (Certificate Authority or CA), is used to set up this encryption. Sounds good, right? But the only thing you can actually be sure of when you see such a padlock is that your computer is connected to the site that you see in the address bar.

Let’s use the example above to explain some of this. A right-click on the padlock shows us some more information about the secure connection.

details PayPal certificate

So, we have a secure connection to the domain owned by PayPal, Inc. and the Certificate Authority is Symantec.

Let us compare this authentic one to the one in use by a known PayPal phishing site:

PayPal phishing site

As you can see, the phishers have a green padlock on their site as well. But when we have a look at the details:

phishing certificate

It is easy to see, from the browser address bar alone, that we are not connected to And in the additional information, we can see that the phishers used a free certificate from the CA Let’s Encrypt.

I do realize that in this example it was easy to see the wrong address in the browser’s address bar, but typosquatted domains can be a lot harder to spot, as they purposely use domain names that look similar to the legitimate site. PayPal has registered many such typosquatted domains to protect their customers.

So, we’ve established that the green padlock alone is not enough. In fact, over a million new phishing sites surface every month. Given how many new sites—not just phishing sites—are created every day, and knowing that hosting deals include free certificates and are cheap as dirt, we can easily assume that hosting providers do not have the resources to check each and every new site. Even if they did perform these checks, who is going to check whether the site does not get changed once it has gone live?

So, since the visitor is the one facing the consequences of entering his credentials on a phishing site, it looks like the ball is in his court.

But there is help

You do not need to feel helpless. The cavalry comes to the rescue in many shapes and forms. Some browsers warn you before they let you visit known phishing or other malicious sites. This method is based on blacklisting, so if you are among the first visitors, you could still wind up on such a site without a warning.

Firefox warns deceptive site

Some security software, including Malwarebytes, blocks known phishing and other malicious sites. These methods can be based both on blacklisting and behavioral analysis.

blocked for phishing

And there are certificates that do get issued only after extended checks. These are called EV (Extended Validation) certificates. To show the difference, we need to double back a bit.

difference EV and OV certs

The bottom screenshot is the original PayPal certificate, and it is an extended one. The top screenshot is a regular Domain Validation (DV) certificate (which was used by the phishing site). As you may notice, the EV certificates are displayed differently from the DV certificates. The difference in how they are displayed varies per browser, so you might want to familiarize yourself with the way that these are displayed in your browser of choice.

Check, check, triple-check

Since HTTPS and TLS are becoming commonplace and cheap, phishers are no longer barred in any way from using the green padlocks on their deceptive sites. As a consequence, users are under advise to pay attention to the kind of certificate behind the padlock.

The best practice is to have shortcuts for the websites that you use to transmit personal or financial data, rather then clicking on links sent to you by mail or found by other means. At first contact, the things to check on a website that require entering personal information or credentials are the following:

  • Is there a green padlock in the address bar?
  • Does the address in the browser’s address bar match your expectations?
  • Is there an EV certificate or not?

Only when you are satisfied that the website belongs to the domain of the company that you wished to pay a visit, enter your credentials or personal data.

Stay safe!


Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

HTTPS: why the green padlock is not enough


SEO poisoning: Is it worth it?

SEO poisoning: Is it worth it?

Posted: May 29, 2018 by 

Search Engine Optimization (SEO) poisoning basically comes down to getting your web page high in the rankings for relevant search results without buying advertisements or using legitimate, but tedious, SEO best practices. Instead, threat actors use illegal means to push their page to the top. Sometimes, this technique is also referred to as black hat SEO. (Although the people selling these services will refer to them as “link building services.”)

So how does SEO poisoning work? And is it something site owners should actually try? Or should they avoid it at all costs?

The basics

SEO is short for Search Engine Optimization and it is a marketing strategy that is designed to make sure that your website is found if people search for certain keywords that are relevant to your business. The ranking of a site in Google’s search results is primarily based on how well the page is optimized, but it’s also based on “reputation.” The reputation of a page is calculated using the number of inbound links pointing to that page. It helps a lot if the incoming links come from pages that are about the same or related subjects, but a large amount of links coming from all kinds of sites helps as well.

Why focus on Google?

In this article, we will focus on how SEO works for Google. This is for a few reasons:

  • Google is by far the most popular search engine, despite mighty efforts by their competitors. The fact that “Googling” is a verb in many languages should tell you enough.
  • Google is relatively open about how its algorithms work, and you can find a lot of information if you want to improve the ranking of your search results, which is what SEO is all about. For good results, it’s imperative that web developers keep an eye on new updates and how these updates might influence their SEO strategy.
  • Google is the industry standard in this field, and because of this many available SEO tools are limited to or aiming for Google results.

How does link building work?

Search engines want to serve you authoritative pages on the subject that you are looking for. One of the determining factors for the ranking in the search results is called the Page Authority. As you can see in the example below, the page authority is not just a matter of how many incoming links there are. And it is also not the only factor that determines your ranking in the search results. Even though the BBC site has more “page authority” on the keyword of “spyware,” the Page Authority calculation is based on many other factors and seems to take into account that detecting spyware is part of Malwarebytes’ core business.

Page Authority

Authority calculations and screenshot made with Moz Pro

So, a good method to be seen by the search engine’s algorithm as an authority in a certain field is to attract incoming links. And it is important that these links come from other authoritative sites in the field that your page aims to rank high for. Quality really outweighs quantity here. To accomplish this, you need a well-written and cleverly formatted (optimized) page that people will point to if they want someone to read an informative or explanatory piece.

When does link building become SEO poisoning?

If you are lazy, you can’t spend the money to hire someone, or it’s just plain hopeless to become an authority due to heavy competition in your field or for your keywords, you might consider buying incoming links from a black market vendor. These threat actors will usually have, or be able to obtain, a multitude of compromised sites that they can use to post links on. Another method that they may use is to spam forums with the help of spambots. So, we draw the line at whether the site owner agrees with the links being posted on his site.

Contrary to popular belief, posting links on social media like Facebook and Twitter does not help to improve a page’s SEO. The links on social media are “nofollow” links, and Google’s bots will not follow them or add them to your tally of incoming links. Google+ is an exception to this rule. I wonder why.

seo link building

A quality link from an authoritative site weighs heavier than a lot of low quality links.

Pure malicious purpose

A recent example where SEO poisoning was used successfully is one where link building was done purely for malicious purposes—to infect visitors. By adding keywords and links in hacked websites, threat actors were able to get malicious pages ranked at the top of the Google search results for specific and carefully-chosen queries. The desired queries were banking and financial questions, and visitors of the ranked pages were infected with a banking Trojan.

Are all link building services bad?

No, that’s not what we are saying. But the services offered on black hat forums with a “no money back guarantee” should be examined with a 10-foot pole and a disinfected microscope. If you are not an SEO professional and SEO is just a by-product of trying to sell your goods or services, then by all means, contact a professional and see what they can do for you.

Just make sure you don’t end up sponsoring some malware author who goes around hacking legitimate sites and who may end up ruining your reputation. Because there are ways to investigate whether you have used black hat SEO techniques to boost your search rankings.

Is SEO poisoning actually recommended?

It is not recommended for several reasons:

  • It’s not effective. With Google’s new search engine algorithms, black hat SEO is far less effective than it used to be, but is still offered by malware actors on underground markets.
  • There are negative side effects. If Google or others sniff out your method, this might ruin page or domain authority, as well as professional reputation.
  • It doesn’t come cheap. In the long run, you may end up spending a lot of money—money much better spent on legitimate and long-standing methods for success, such as hiring an SEO professional on staff or working with a consultation on learning best practices.

Not to give you any ideas, but you can also buy negative link building services for your competitors. As appealing as it may sound to have your competitors’ product associated with the keyword Viagra, we do not recommend using these either.

The best long-term solution is to work hard and play fair using legitimate SEO tactics to boost your page rankings. If you aim for a cheap and easy way around SEO, you’ll get exactly what you paid for: a whole lot of nothing.


Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

SEO poisoning: Is it worth it?


Pin It on Pinterest

Share This