By Gauri Bhasin, Student of Class – XII A, Delhi Public School, Pune
With the rapid digitization all over the world and children being introduced to a world full of wonderful things online but they are unaware of the threats to their security online, thus Cyber safety is a growing concern.
For all of those who don’t know what Cyber Safety is, it is the practice of defending computers (any electronic device that can store and process data), servers, network, and data in general from cyber-attacks. With almost all types of electronic devices connected to the Internet through Wi-Fi or 4G, protecting our information from cyber-attacks is more important than ever.
If you don’t know the threats of being online, let us take an example to understand the threats.
Imagine you wake up one fine morning and are rubbing the sleep off of your eyes and per usual open Instagram. However very unusually, it shows that you’ve been logged out of your account and is now displaying an error saying, “The username you entered doesn’t belong on to an account. Please try again.”
Confused, you re-enter your username and password carefully avoiding any typos, still it gives you the same error. Now, you may start thinking that something is wrong but at first you ignore it and think it’s probably a glitch form Instagram’s side. So you promptly get ready for school and before leaving home, you try to log in again. Nothing much has changed in half an hour. So you leave your phone and go to school. The worry about not being able to log into your account eats at you the whole day. Finally when you are back home, you quickly search up on google:
Question: I’m trying to log into Instagram but the site says my username doesn’t belong to an account. Does anyone know how to fix this?
Answer: Double-check that you’re spelling it correctly. Punctuation, capitalization, spelling, symbols. Everything. Copy and paste if you have to.
Still not working?
Try logging in with Facebook or Email instead.
Still not working?
Your account may have been disabled or banned (meaning you were reported for violating one or more of Instagram’s policy). If so, Make a new account, or contact the Instagram team. If it does, then try the first two options again. Still won’t work? Email the Instagram team.
So, finally as your last resort, you proceed to send an email to Instagram to find out what you can do to recover your account. That’s when you spot an email:
Hi @cyberdetective101,
We have taken over your account and have gotten access to your photos, friends, and information. If you do not respond by sending over $2,000 to this account by tonight, we will delete your account and sell your personal information.
Don’t try to contact Instagram for help because we have successfully changed all of your information and will be alerted if you try to restore your account and instantly delete it.
This is when you start to feel anxious and panicked. However, thankful that your parents saved their credit card information on your phone, you move forward to send them the ransom they have request of you.
Unfortunately, as soon as the transaction is complete, you realize that you’re too late to understand what had been going on and that you’ve fallen, yet again, into their trap. A message flashes on your screen
Your Phone Has Been Hacked!
All Actions on the device are tracked by a hacker.
Immediate Action is required!
You got a new email. You check it and it is another email from your hacker, it reads:
Hi @cyberdetective101,
We have now taken over your phone and have access to all of your photos, contacts, and information. If you do not respond by sending over $10,000 to this account by tonight, we will sell your personal information and contact all of your friends.
Your systems have been hacked and now you run the risk becoming a victim of identity fraud.
Horrifying, right?
This is why cyber safety is a major concern in today’s time. As a school going student, you may be aware of all social media and have accounts there, but you often forget the risks that you are exposed to.
If you’re still a middle school student, you may have a vague idea about threats online, but if you’re a high school student (9th grade+) you have a pretty clear idea about the above example, the example depicted hacking as well as potential Identity theft and of course it was sort of an example of ransomware (demanding money after hacking your account and acquiring your personal information.)
So basically what happened in the example above:
1. First the user got hacked.
Do you know what a hacker is? What do they look like? What do they do? From watching some movies you might imagine a man in a black hoodie in front of a lot of computers. (Fun Fact: did you know that about 20% of hackers are women?)
A hacker is someone who uses their computer programming knowledge to expose potential vulnerabilities in a computer system. While you may think a hacker is a bad person, many hackers actually work to defend computers and strengthen security measures against cyber criminals. This practice is called cyber security.
You may already be familiar with some famous attacks stemming from privacy leaks of celebrities, information release of sensitive information from governments, to crime shows on TV, or you may personally know someone who has faced a cyber-attack.
2. Next, they asked him/her for ransom in exchange for her private information. They told him/her that if he/she doesn’t pay them, they will sell all his/her personal data about friends and family etc. His/Her fault here was that she took an on-the-spot decision without considering its outcomes and naively paid them the ransom. Due to this, her whole device itself got hacked.
So, what would you do if you were in a situation as described above?
For starters, go to your parents or guardian and tell them about the problem you are facing.
Moreover, if a hacker was able to access your account, most likely this is due to a weak/vulnerable password. In more technical terms though, to avoid falling into this kind of a trap, here are some ways to prevent cyber thefts or criminal activities on or against you online:-
• Never use the same passwords for multiple accounts.
• Never save your password to your browser.
• Use a variety of characters in your password.
• Set up 2-Factor Authentication (2FA). To secure your accounts further turn on 2FA setting which forces to you log into accounts by password and verification through a trusted device, email, or security questions. This extra step goes a long way in securing your accounts.
• Change your passwords often.
Taking this example forward, Let’s see how the user also faced the cyber crime called Phishing.
In our story you may have chosen a path where you received a malicious email. This particular email is different from typical phishing emails and contains more directed instructions and information. This attack is called spear phishing since the email was directed specifically to a single user with specific instructions. By clicking the link in the email, it exposed the computer to malware, or malicious software that infects a computer. Let’s see what kind of a fake email the user got.
This particular email might look credible since the logo is correct and text styling matches with other Instagram communications. In setting up 2-Factor Authentication (2FA) your code should be sent in a separate email before you have successfully logged in. You may also notice the lack of space between the last sentences. These are very small but detailed indicators that this email is fake!
So what exactly is Phishing?
Phishing is often an email, text message, or pop-up message that appears to be from a well-known source and asks users to click on a link or provide sensitive information. These emails can appear to be from a bank, university credentials, various online accounts, etc. These links often lead users to unsecure websites where attackers may be able to gain access to your computer and continue with other malicious activity.
Here are some ways of identifying Phishing:
• Grammatical/Spelling Errors: Grammatical errors, some words misspelled or formatting is slightly incorrect
• Logo/Image Errors: Images is incorrect, an unofficial logo, the resolution, or image quality, low (are there fuzzy pixels)?
• URL Errors: Link different from the original/credible website, URL ends in .org instead of .com.
If you have identified a phishing email, here are some steps you can do to protect yourself from potential malicious attacks.
• Do not click any links. Phishing emails may click on links that install malware to your computers. Be sure to never click any of the links present in the email.
• Report the email. In many cases you should access the credible website in a new browser and notify the company of the suspicious email so that they can secure their websites.
• Never provide any personal information. Phishing emails are meant to gather additional information from the users to make their systems more vulnerable. In many cases the hacker has yet to secure any information other than your email.
• Change your password. After an attack, it is good practice to change your passwords to secure your accounts just in case.
Finally, after understanding some of the risks and threats you could face while you’re online, here are some ways to protect yourself from being a victim to these attacks:
• Ensure your passwords are strong and secure. Change them at least every 3 months.
• Download antivirus/Malware software. You may have malware on your computer already and do not know! Some free antivirus/malware software we suggest includes Kaspersky, Avast, Malware bytes. Be sure to have this software run automatically so that you are checking your computer for malware often.
• Always download the latest systems update. While updating your computers may take time, it is worth it since these updates often include preventative measures to protect your information.
• Never share personal information. You should be selective when sharing personal information, which may include your name, birthday, location, phone number, etc.
• Educate others! While many people may be aware of different cyber security threats, most people take few precautions to secure their computers. Share your knowledge of the importance of cyber security and how to secure computers and accounts with your friends and family.
To conclude, Cyber Safety has a lot to offer and it is highly recommended that children make themselves familiar with the different kinds of criminal and fraudulent activities that could take place against them and how to deal with them if they arise.