8 everyday technologies that can make you vulnerable to cyberattacks

8 everyday technologies that can make you vulnerable to cyberattacks

Posted: August 9, 2018 by 
Last updated: August 8, 2018

The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable.

The security vulnerabilities of the latest tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Those familiar devices and programs can also put you at risk of being targeted by hackers.

Here are eight commonly-used tech conveniences that are not as ironclad as you might hope.

1. Smart speakers

Smart speakers like Google Home or Amazon Echo, feature countless capabilities meant to assist users. However, cybersecurity experts also warn they’re vulnerable to numerous types of attacks.

Some involve threat actors controlling the speakers with supersonic commands that humans can’t hear, but smart speakers recognize when embedded into YouTube videos, white noise, or other content.

Researchers also discovered hackers could engineer smart speaker apps that seem legitimate but actually come straight from those orchestrating cyberattacks. Sometimes, even when users close out of the apps, they keep recording conversations and other sounds happening in the home and sending them to criminals silently in the background.

2. Smart security systems

Smart security systems let you keep an eye on your home while at the office or vacationing in another country. These systems allow users to sort through hours of footage stored in the cloud or can use artificial intelligence to learn familiar faces who arrive at your door.

However, even security systems can have flaws. A cybersecurity research team in Europe found a bug in Swann smart security cameras that allowed footage from one home to be broadcast to other homes. If hackers had discovered that problem instead of the researchers who verified its existence, they could have used the vulnerability to intercept footage and spy on homeowners. Then, it’d theoretically be quite easy for them to move beyond hacking into the realm of burglary.

3. USB drives

USB drives increase the capabilities of your computer, specifically by being able to move files from one location to another, or to increase storage capacity. They’re also relatively easy for hackers to corrupt by loading worms or other kinds of malware onto them. The US military even knew of the potential danger they posed and banned the use of thumb drives a decade ago.

Unfortunately, many individuals and businesses do not understand the genuine risk of letting employees connect to the Internet while using unsecured USB drives. Instead, they view USBs as tools of convenience, not gadgets that could infect their computers or networks. For example, if a USB drive is connected to a machine that’s infected with ransomware, the files on that drive will also become infected. Moving that drive from one computer to the next, then, could spread the infection beyond a single endpoint to multiple systems.

4. Dongles

Where USB drives give you more room to store files on a computer, dongles plug into USB ports and increase functionality by providing extra content or features. For example, smart TV dongles give you extra channels and movies to enjoy.

A few years ago, cybersecurity experts hacked a dongle provided to car owners by an insurance company to track their driving habits. The experiment allowed researchers to control the windshield wipers of the vehicle fitted with the dongle and—much more alarmingly—enable and disable its brakes.

A more recent problem affected the Amazon Fire Stick. In that case, threat actors installed cryptomining malware that didn’t show up in users’ lists of running apps. Besides making the Fire Stick and its Internet connection sluggish, the malware sometimes made itself known by displaying the word “test” on the screen, accompanied by the Android bot icon. Fortunately, it’s reportedly fixable by restoring the dongle to its factory settings.

5. Shared media files

Cybercriminals consistently engineer new ways to trick people into giving up their passwords, credit card numbers, and other personally identifiable information (PII) through phishing attempts. Phishes typically show up in victims’ inboxes and look exactly like legitimate emails, down to the color schemes, buttons, and headers.

You might already know that downloading an unfamiliar email attachment increases the possibility of being infected, but perhaps you let your guard down when using a well-known file-sharing service like Dropbox. Hackers send malicious emails seemingly originating from Dropbox, too.

Once people click on links within those messages, their browsers go through a redirect process and proceed to download a JavaScript file put there by cybercriminals. Lo and behold, passwords and other credentials entered to access the “Dropbox” folder will be scraped and sent off to those crafty criminals, who can sell them on the black market to the highest bidder.

6. Wi-Fi networks

People use Wi-Fi networks every day and scarcely think about the consequences. Unfortunately, hackers often take advantage of that dependence. Sometimes they create illegitimate, publicly accessible Wi-Fi networks with official-sounding names, like Philadelphia Airport, and hope people will connect to those without verifying they’re real.

Other disturbing research reveals ex-partners are wreaking havoc via remotely-managed instances of domestic abuse. The people affected are collectively known as smart home abuse victims. A study about the matter emphasizes how an individual need only know a home’s Wi-Fi network password and have a corresponding smart home app on their phone to make the lights turn on and off, crank the thermostat up to an unbearably hot temperature, or otherwise make life extremely unpleasant.

7. Smart phones

Like many people, you probably think of your smart phone as much safer from malware than your computer. However, the very thing that makes smart phones “smart,” the Internet, is what makes them vulnerable. Often, infiltration happens when threat actors create apps that look legitimate, but are actually a front for loading all kinds of malware in the background, from cryptominers to adware and even ransomware.

In addition, criminals can infect your phone through smishing, or SMS phishing, where malicious links are texted to individuals under the guise of a great promotion or pretending to be from a credible institution, such as a doctor’s office or bank.

A case involving activists working for Amnesty International revealed hackers installed a kind of spyware called Pegasus through WhatsApp (the real app, not a spoof). Moreover, there are nearly 200 publicly-reported cases of nonprofits being targeted through WhatsApp by that spyware or similar form of malware.

8. Web browsers

Using the Internet would be substantially more cumbersome and maybe even impossible without the invention of the web browser. However, just like the other items on this list, web browsers can also serve as gateways through which hackers enter. One bug that made headlines in April 2018 involved hackers compromising Windows computers through a vulnerability in Internet Explorer, which allowed users to be infected by a malicious Microsoft Word file.

Another kind of malware called Vega Stealer snatches credit card details input into fields when people use the Chrome or Firefox browsers. It can also take data from Word and Excel files and show it to outside parties.

Finally, criminals have found another route to infect users via browser by creating rouge plugins that often make their way past official review for listing in browser web stores by appearing to be legitimate. However, once approved and adopted by the stores, threat actors flip the switch and add malicious updates, infecting any users who download the plugins for additional browser functionality.

Many issues discovered by researchers

If there’s a positive side to several of the vulnerable tech items on this list, it’s that cybersecurity researchers uncovered their vulnerabilities and notified the appropriate parties. Of course, it’s worse when device owners are the ones who learn that problems exist when their computers, phones or other tech helpers start behaving strangely.

In any case, now that you know about some of the things cybercriminals do to unsuspecting users of technology, aim to be more aware of when things seem amiss. Being proactive can sometimes prevent small issues from becoming gigantic catastrophes.

ABOUT THE AUTHOR

Tech journalist covering AI, the IoT, and cybersecurity. In addition to being a senior writer for MakeUseOf, Kayla is a regular contributor at Digital Trends, The Next Web, VentureBeat and TechnoBuffalo.

8 everyday technologies that can make you vulnerable to cyberattacks

 

Introducing: Malwarebytes Browser Extension

Introducing: Malwarebytes Browser Extension

Posted: July 26, 2018 by 

Are you tired of all the unwanted content the world wide web offers up, whether you like it or not? It is our privilege to introduce you to the Malwarebytes Browser Extension (BETA). Or, better said, the Malwarebytes Browser Extensions, because we have one for Firefox and one for Chrome.

Introduction

Malwarebytes Browser Extension delivers a safer and faster web browsing experience. It blocks malicious websites and filters out unwanted content (resulting in up to three times faster webpage load times). The filtering is not based on definitions, so the extensions can block previously-unidentified fake tech support scams and their tactics.

What will it do for your browsing experience? It prevents pop-ups, browser hijackers, and browser lockersfrom harassing you and interrupting your surfing. It also blocks clickbait links and fake news content, stops in-browser cryptocurrency miners, and gives other malicious content the boot. All this while relying on threat behavior patterns rather than on researchers who have to track down, identify the malware, and add it to a database of known threats. (We still need those researchers to make our products better. This is just a different, faster method.)

Speaking of behavior patterns, our browser extension is the first that heuristically identifies and blocks tech support scams‘ browser-locker pages, which scare users into calling fake tech support scammers. So it protects you from unwanted social engineering tactics as well.

Why should I use it?

This is where Malwarebytes Browser Extension can help you:

  • Protection from tech support scammers: Blocks browser hijackers, and browser lockers, which are used by scammers to drive victims to call centers that use scare tactics to sell expensive technical support (that you don’t need).
  • Faster web page load times: Popular websites download a lot of unwanted content in the background. By filtering out clickbait and ads, Malwarebytes Browser Extension BETA can speed up your webpage load time, saving your sanity and bandwidth.
  • Prevents visits to malicious pages: Protects you from inadvertently visiting bad websites that host malware content, steal your identity (phishing), load Bitcoin miners in the background, which slow down your computer, and a long list of other obnoxious behaviors that can make your online experience less than stellar.
  • Keeps your privacy private: Blocks third-party ad trackers that follow you around the Internet and target you with the same ads over and over again.

And these are the features it has to offer:

  • Malware protection: Blocks malicious programs or code that can damage your system.
  • Scam protection: Blocks online scams, including technical support scams, browser lockers, and phishing.
  • Advertising/tracker protection: Blocks third-party ads and third-party ad trackers that monitor your online activity. The number of blocked ads/trackers for a website will show beside the Malwarebytes logo in your browser.
  • Clickbait protection: Blocks content and websites that often display behavior of questionable value.
  • Potentially unwanted program (PUP) protection: Blocks the downloading of potentially unwanted programs, including toolbars and pop-ups.

Download and install

Chrome

The Chrome extension can be downloaded from Google’s webstore.

Malwarebytes Browser Extensions in the webstore

Installing the extension is pretty easy. Just follow the prompts when you click “ADD TO CHROME” in the webstore.

Confirm that you want to add the Chrome extension

Confirm that you want to add the Chrome extension

 

And you should see this prompt when the install is complete.

And you should see this prompt when the install is complete.

To double-check whether the installation was successful, you can check under Settings (use the icon that looks like three vertical dots) > More Tools > Extensions. You should find this entry:

installed Chrome extension

Firefox

The Firefox extension can be downloaded from the official Firefox Add-ons page. On the Add-ons page, click the “+ Add to Firefox” button and follow the prompts.

downloading Firefox add-on

Click “Add” to confirm that you want to install the Firefox add-on.

Click “Add” to confirm that you want to install the Firefox add-on.

And you should see this confirmation:confirmation Firefox add-on

To double-check whether the installation was successful, you can check under the Menu icon (otherwise known as a hamburger, which looks like three horizontal bars). Look for “Add-ons,” and you should find this entry:

Malwarebytes Browser Extensions Firefox add-on

Fine-tuning

In both Chrome and Firefox, you can make adjustments to the settings of Malwarebytes Browser Extension for more granular control. To reach the settings menu, click the blue Malwarebytes logo in the browsers’ menu bar. This will show you the current protection status and two additional links.

Malwarebytes Browser Extensions protection status

To enable or disable individual protection features, click the “Settings” link in that prompt. This will show you a menu:

Malwarebytes Browser Extensions settings

Here, you can also find information about what each protection mode guards against.

Under the “Allow List” tab, you can allow individual domains and IPs manually (in case we block something that you don’t want to be blocked). You can remove them from the list as well, if you change your mind.

allowed list

Under the “About” tab, you can check the version information and, importantly, allow the telemetry from the Browser Extension to be sent to us anonymously. This will help the researchers I mentioned earlier to assess whether a domain or IP should be blocked permanently.

telemetry

Functionality

When the browser extensions block a site, they will show you a warning similar to this one:

Malwarebytes Browser Extensions block

The dangers are classified along the lines of the major risks that a web browser might run into:

Adware
Compromised
Exploit
Fraud
Hijack
Malvertising
Malware
PUP
Pharma
Phishing
Ransomware
Riskware
Spam
Spyware
Trojan
Worm

The “blocked” page will offer a short explanation of these risks in the upper drop-down menu.

But, it’s a BETA

Why, yes, it is! So, you are using it at your own risk. Suffice it to say that both extensions have been downloaded thousands of times, and most complaints so far have been about false positives. All of these have been analyzed, and some have led to changes in the software. On a personal level, false positives are easy to resolve, as the extensions offer you the option to visit the blocked site anyway. Compared to the potential damages done by visiting a malicious site, this seems like small potatoes. It’s also possible to disable some of the features if you find them too aggressive for your liking.

We hope to be able to announce the full, official version of the Malwarebytes Browser Extension soon!

Give the Malwarebytes Browser Extensions a whirl, and stay safe out there!

Introducing: Malwarebytes Browser Extension

 

What’s in the spam mailbox this week?

What’s in the spam mailbox this week?

Posted: July 31, 2018 by 
Last updated: July 30, 2018

We’ve seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sexploitation. Shall we take a look?

The FBI wants to give you back your money

First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you somehow don’t have any recollection of, and now the FBI wants to give it back to you via Western Union.

Sounds 100 percent legit, right? Here’s the email. See what you think:

Attn: Beneficiary

After proper and several investigations and research at Western
Union and Money Gram Office, we found your name in Western Union
database among those that have sent money through Western Union
and this proves that you have truly been swindled by those
unscrupulous persons by sending money to them through Western
Union/Money Gram in the course of getting one fund or the other
that is not real.

In this regard a meeting was held between the Board of Directors
of WESTERN UNION, MONEYGRAM, the FBI alongside with the Ministry
of Finance, As a consequence of our investigations it was agreed
that the sum of One Million Five Hundred Thousand United States
Dollars (U.S.1,500,000.00) should be transferred to you out from
the funds that The United States Department of the Treasury has
set aside as compensation payment for scam victims.

This case would be handled and supervised by the FBI. We have
submitted your details to them so that your funds can be
transferred to you. Contact the Western Union agent office
through the information below:

Contact Person: Graham Collins
Address: Western Union Post Office, California
Email: westernunionofficemail0012@[redacted]

Yours sincerely,
Christopher A. Wray
FBI Director

Sadly, the FBI are not going to discover you’re owed millions of dollars then send you off to deal with a Western Union rep to reclaim it. Additionally, a quick search on multiple portions of the text will reveal parts of the above message dating back many years. It’s a common scam tactic to lazily grab whatever text is available then reword it a little bit for a fresh sheen. For example, here’s one from 2013 that came with a malicious executable attachment.

This one has no such nasties lurking, but someone could still be at risk of falling into a money mule scam, or losing a ton of cash from getting involved. The good news is that ancient text reuse tends to send up the spam filter flags for most email clients, so if you do come across this, there’s a good chance it’ll be stuffed inside your spam bin where it belongs. If it’s in there, hammer the delete button and forget about it.

Let’s go Apple phishing

Next up, a pair of Apple phishes:

apple phishing

Click to enlarge

The first links to a site that’s currently offline, but does try to bait potential victims with a fake transaction for a set of $299 headphones:

fake headphone order

Click to enlarge

As with most of these scams, they’re hoping you’ll see the amount supposedly paid, then run to the linked site and fill in the phishing form.

The text from the second one reads as follows:

Your Apple ID has been Locked
This Apple ID [EMAIL ADDRESS] has been locked for security reasons.

It looks like your account is outdated and requires updated account ownership information so we can protect your account and improve our services to maintain your privacy.

To continue using the Apple ID service, we advise you to update the information about your account ownership.

Update Account Apple ID
For the security of your account, we advise not to notify your account password to anyone. If you have problems updating your account, please visit Apple Support.

A clickable link leads to the below phishing site located at appelid(dot)idnotice(dot)info-account-update-limiteds(dot)com:

apple phishing page

Click to enlarge

Upon entering a username and password, the site claims the account has been locked and needs to be set back to full health.

locked!

Click to enlarge

Potential victims are directed to a page asking for name, address, DOB, payment information, and a variety of selectable security questions.

phish asking for personal info

Click to enlarge

We don’t want anybody handing over personal information to scam mails such as the above, much less any fake login portals further down the chain. Always be cautious when seeing wild claims of payments and mysterious orders you have no recollection of; the name of the game is not so much panic buying as panic clicking, and that can lead to only one thing: hours spent dealing with the customer support section of shopping portals or your bank.

Sexploitation, Bitcoin, and old passwords

Speaking of mysterious behavior you have no recollection of participating in, a recent, massive phish email first hooks users by divulging their real, former password in the subject line, and then telling said recipients they’ve been caught on camera looking at porn and, um, doing other stuff.

Now, the drop of a password, even an old one, is enough to get many readers to raise a brow and open the email. Once opened, though, one of two things can happen. Those who haven’t viewed porn on their computer can breathe a sigh of relief. For the millions of others who have, however, a little panic might ensue, especially when the scammers ask for $7,000 in Bitcoin for hush money.

The email reads as follows:

I am well aware [redacted] is your password. Lets get directly to purpose. You don’t know me and you are probably thinking why you’re getting this email? Not a single person has compensated me to check you.

Let me tell you, I setup a malware on the xxx videos (porn material) web-site and you know what, you visited this website to experience fun (you know what I mean). When you were watching video clips, your web browser began functioning as a RDP that has a key logger which provided me with accessibility to your display as well as web cam. Right after that, my software collected all of your contacts from your Messenger, Facebook, as well as emailaccount. After that I made a double video. First part displays the video you were watching (you’ve got a good taste rofl), and next part displays the view of your webcam, & its you.

You actually have two different possibilities. Shall we review each one of these solutions in aspects:

Very first option is to just ignore this email. In such a case, I will send out your actual recorded material to every bit of your personal contacts and thus think about regarding the embarrassment you will see. In addition if you are in a romantic relationship, how it would affect?

2nd solution is to give me $7000. I will call it a donation. Then, I most certainly will straightaway discard your video footage. You will continue on with your way of life like this never occurred and you will not ever hear back again from me.

You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 14Fg5D24cxseFXQXv89PJCHmsTM74iGyDb

[CASE-SENSITIVE copy and paste it]

If you may be wondering about going to the authorities, good, this email can not be traced back to me. I have covered my actions. I am just not attempting to charge you very much, I only want to be compensated. I’ve a special pixel within this email, and now I know that you have read this e mail. You have one day to pay. If I do not get the BitCoins, I will definitely send out your video recording to all of your contacts including friends and family, colleagues, and many others. Nevertheless, if I do get paid, I’ll destroy the recording right away. It’s a non-negotiable offer, thus don’t waste mine time and yours by responding to this message. If you want to have evidence, reply with Yup! and I definitely will send your video to your 9 contacts.

This sextortion scam has been around for quite a while; the new twist is the use of real passwords. According to Krebs on Security, the scammers likely collected these passwords and emails from a data dump possibly dating back 10 years or more. Our own Malwarebytes researchers have been scouring various data dumps looking for the source of the breach, but so far have not found the smoking gun. The problem is that most users’ credentials have been swiped in one breach or another, if not multiple—if not dozens! So it’s difficult to triangulate and trace back to a single source.

The good news is, if you received one of these emails, you simply need only flag it as spam and delete. And if you’re suddenly worried about someone being able to see your nocturnal activities, you can buy a webcam cover for between $US5 and $10.

ABOUT THE AUTHOR


Lead Malware Intelligence Analyst

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

What’s in the spam mailbox this week?

Can we trust our online project management tools?

Can we trust our online project management tools?

Posted: July 6, 2018 by  
Last updated: July 4, 2018

How would you feel about sharing confidential information about your company on Twitter or Facebook? That doesn’t sound right, does it? So, in a corporate life where we keep our work calendars online, and where we work together on projects using online flow-planners and online project management software, it might pay off to wonder whether the shared content is safe from prying eyes.

What are we looking at?

From the easy-to-use shared document on Google Drive to full-fledged Trello boards that we use to manage complicated projects—basically everything that uses the cloud as a server is our subject here. When evaluating your online project management tools, it is important from a security standpoint to have an overview of:

  • Which online project management platforms are you using?
  • Which data are you sharing on which platforms?
  • Who has access to those data?

Once you know this, you can move on to the main question:

  • Is the data that should stay confidential shielded well enough?

What are the risks?

The risks of using online project management tools are made up of several elements. Once again, a list of questions will help you gage this, including:

  • How secure is the platform you are using?
  • Do the people that have access to the data need to have access? And are they given access to see allthe information that is shared, or just a portion?

As you can see, we are not just worrying about outsiders getting ahold of information. Sometimes, we must keep secrets, even from our own co-workers. Not every company has an open salary policy, for example, so the information how much everyone makes might not be allowed outside of HR.

But the threat of a breach is the most important one. Having the competition know about the latest project your design team is working on can be deadly in some industries. And of course, any project that contains customer data and is not secured can be breached by a cybercriminal. Knowing this, it’s our job to help you find the safest possible tool to perform your job.

Does it make sense to share online?

Are we sharing information online because we need to do it online or just because we can? Sometimes being the cool kids that use an online project management platform that has all the bells and whistles is more a matter of convenience than it is strictly necessary. But if you are:

  • employing remote workers
  • cooperating between offices around the world
  • heavily relying on a BYOD strategy

then online tools maybe the only way to realize your project management goals.

Every ounce of prevention

What you don’t share can’t get lost. And control over what you do share (and with whom) is adamant.

  • Limit the amount of privileged information you are sharing. Make sure that only the information needed for the project is being shared with the appropriate team members.
  • Change the login credentials at a regular interval, and do this in a non-predictable way. Going from “passwordMay” to “passwordJune” at the end of the month will not stop nosy co-workers from digging. Do not post the new credentials on the platform, either.
  • Use 2FA where and if possible to enhance login security.
  • Update and patch the software as soon as possible. This limits the risk of anyone abusing a published vulnerability in the platform.
  • Keep tally of who is supposed to have access at all times, and check this against the connected devices when and if you can.

Breach management

Hardening your online tools against breaches is usually in the hands of toolmakers themselves—the software provider or the cloud service provider with whom you’ve partnered. Therefore, it makes sense to look into the project management tool’s reputation for security, as well as its ability to serve your company’s needs. While you can’t control the security of the tool itself, you can limit the consequences of a mishap, should it occur, by doing the following:

  • Don’t try to keep it a secret when credentials have been found in the wrong hands. Making participants aware of the situation helps them to change passwords and follow up with other appropriate actions.
  • Make sure there are backups of important data. Someone with unauthorized access may believe in burning the bridges behind them.
  • In case of a breach, try your best to find out exactly how it happened. Was there a vulnerability in the tool? Did a team member open up a malicious attachment? This will assist you in preventing similar attacks.

Controlling the risks

Working in the cloud can be useful for project management, but sometimes we need a reminder that there are risks involved. If you set up an online project management tool or other cloud-based project, it’s good to be aware of these risks and give some thought to the ways you can limit them.

When you’re working on a project for your company—whether it’s leading a team or participating in the project’s development—it’s important to make data losses as rare as possible, to learn from your mistakes, and to handle breaches and other security incidents responsibly.

Stay safe out there!

 

ABOUT THE AUTHOR

  
Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Can we trust our online project management tools?

Internet Safety Month: How to manage your child’s online presence

Internet Safety Month: How to manage your child’s online presence

Posted: June 28, 2018 by 

When you hear the term “reputation risk management,” you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow off.

As companies grow, so grows their public reputation. Heading potential PR disasters or credible crises off at the pass can keep organizations from losing revenue, confidence, and trust from their clients. Suffice it to say, putting your best foot forward and keeping it there is crucial.

Now, here’s a thought: If businesses know they have much to lose if their reputation is threatened, shouldn’t parents and guardians also consider that their children can lose out if their digital footprint is at risk?

To cap off Internet Safety Month, we’re going to ditch the buzzword in favor of a phrase that parents, teens, and young kids can easily grasp: You must manage your online presence. Before we delve into how parents and guardians can take charge, it is crucial that we first understand one thing when it comes to having a digital life:

Your online presence is your online reputation 

Our digital footprint starts the moment we or someone we know shares something about us online. This could be a solo or group photo, a Facebook status update, or a name mention in a Tweet. Even those who claim to be inactive on the Internet can still have an online presence, thanks to other people in their lives.

Our footprints don’t stop at our first “Hello, World!” though. The more we use the Internet, and the more we’re included in other people’s social media feeds, the more of our footprints are left for anyone online to see. These marks we leave behind can be collectively referred to as our online presence. How we present ourselves to and conduct ourselves in the digital world affects how people perceive us online—now and in the future.

Having an online presence, whether it’s a positive on negative one, affects our reputation—online and in the real world. If “Jane Doe” is known to exhibit behavior tantamount to bullying in a forum she frequents, she already has a bad reputation in that community. Who she is and how she behaves in that community can also spill over to other online forum communities as well.

There are consequences for bad behavior online. She may be blocked from those communities. Or worse, someone may Google her name and become aware of her bullying behavior online. She could feel the impact of her negative actions in the workplace or beyond when coworkers or friends become aware that Doe is engaged in bullying in forums, they can assume that she has the tendency to bully people in real life as well.

Leaving only negative digital footprints online, then, has no longer become an option.

What you can tell your kids to manage their online presence

“Google yourself.” Maybe it has been a while since your kid started using the Internet, or you and your child are just curious of what might come up. (Hint: type your name in quotes) Either way, it’s advisable to look up where your name, public posts, and/or photos end up every now and then.

If your child has a common name, you can further add modifiers (like the school they go to or city/state/town you live in). Just run many searches with varying modifier combinations and see what comes up. As for photos, you can use Google’s image and reverse image searches. To do the latter, go to the Google Image Search page and click the camera icon in the search bar. You can then paste the URL of an image you have of your child (in the first tab) or drag-and-drop to upload their picture (in the second tab), so Google can crawl the web in search for other copies of the one you just provided.

Google Image Search page processing the image you uploaded for reverse lock-up

Other things you can use to search for are email addresses, social media usernames, and phone numbers. You can also set up Google to alert you if other information about your child (like their name) pops up on the Internet at some point in the future.

“Watch out for information you don’t want made public.” It’s possible that you may have already stumbled upon a few pieces of information or pictures you or your child may not want online, or at least visible to the public. This information may have been put up years ago or yesterday.

Posts can be easily removed on sites you or your child can control, such as Facebook and Twitter. But for third-party sites, it may need a bit of legwork. For copyrighted material such as photos, you can contact the site owners and reference the Digital Millennium Copyright Act (DMCA) [PDF]. As the parent or responsible adult, you may also need to contact each website that has information about your child that you don’t want there.

It’s also time to review those security and privacy settings of your child’s accounts to see if there has been a policy update or if you need to modify additional settings.


Read: Internet Safety Month: How to protect your child’s privacy online


“Start cleaning up your online act.” A good starting point will be teaching them good computing and Internet practices, if you haven’t already. We have various references of how one can do this here on the Malwarebytes Labs blog. So to avoid reinventing the wheel, below are the links you may want to visit and read up on:

The work doesn’t stop here, though. Parents and guardians should also put great emphasis on kindness, understanding, and patience when they treat or deal with other Internet users. Hiding behind the screen shouldn’t merit one to forgo these values.

Lastly, impress in them the idea of thinking first before posting anything. Online, it’s easy enough for anyone to misconstrue what one is trying to say because cues like facial expressions and body language are non-existent. A flippant joke or a sarcastic remark could start a flame war. Even an innocent post can sometimes get someone else in trouble.

“Deactivate/Delete accounts you’re no longer using.” This may seem obvious, but at times, accounts that are no longer used are left active for an indefinite and extended period because your child may have decided to use another account, or wholly avoided people in a particular online community. The latter is one of the best reasons why your child’s account should be deactivated. This is especially helpful if, for example, your child was caught in a crossfire between warring parties and one group started targeting him or her via that account. Save everyone the headache (and the insanity) and deactivate the account.

In a perfect world…

…every Internet user would be sharing all of their achievements, and everyone would be applauding. Every Internet user would be encouraging everyone who needs encouraging. Every Internet user would be honest, civil, and tactful. Every Internet user would be sharing photos of only their best, wholesome selfies, their cats, and funny GIFs.

But this isn’t a perfect world. Someone will always say something that another may find offensive. Someone will put someone else down, talk in Caps Lock, and share photos of their wild partying or of a drunk friend who passed out on a sidewalk. In the end, realize that there is data online about someone that puts them in a bad light. Your child may not be exempted. So help them take control and guide them on how to be more responsible with what they share now and in the future.

Good luck!

 

ABOUT THE AUTHOR


Malware Intelligence Analyst

Technical writer, researcher, and marketing fellow fascinated by psychology, architecture, and supercars. A habitual night owl.

Internet Safety Month: How to manage your child’s online presence

Pin It on Pinterest

Shares
Share This