In last week’s GKIS article, “How Teens Overshare,” we covered the ways kids intentionally and unintentionally share location information on social media and how to prevent this safety risk. In today’s article, we detail how cybercriminals victimize teens and offer more helpful information on how to get your kids internet safe.
Cyberstalkers
Cyberstalkers are predators who track online information to extort or harass, create cybercrimes like hacking or identity theft, or intercept a victim offline. Cyberstalkers can be complete strangers or people your teen may already be acquainted with.
Hackers
Hackers are predators who steal usernames, passwords, and personal information to gain access to a victim’s screen device. Once they can access, they can still further data, change or destroy information, install malware, and even take over the device’s camera.[1] Data can then be sold to other criminals on the dark web or be used for identity theft to take out loans and credit cards in your name.
Phishing
Phishing is a cybercrime in which a victim is contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data. Phishing can also occur through websites and social media.[2] Dr. Bennett notes in her book, Screen Time in the Mean Time that the sensitive information obtained by phishing is often used for online login information such as usernames and passwords, bank account and credit card information, and even identity theft.
The most common example of phishing is email phishing. To email phish, the cybercriminal creates a fake domain that looks trustworthy and legitimate, then sends emails to potential victims asking them to click a link, download an attachment, or “update” their passwords.
To prevent your child from falling victim to online phishing, encourage them to only open emails, online messages, and text messages from trusted individuals and advise them to never click on any links or download attachments from an unusual or suspicious-looking email or message.
Identity Theft
According to The United States Department of Justice, “Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”[5]
Cybercriminals often target younger individuals because children do not have bad credit (which is great for cybercriminals) and it is easy to keep it from being noticed until the child is older. In Dr. Bennett’s book, Screen Time in the Mean Time, she writes about a couple of children who were victims of identity theft.
Here are a few ways to protect your child from identity theft:
Install cybersecurity safeguards on phones, laptops, iPads, and any other device that need protection
Have family conversations about being wary of posting or sharing personal information online
Set up a virtual private network (VPN) to ensure the safety of your device(s)
Update passwords at least once a year and be sure that the new password does not include any information that may already be public such as, your teen’s name, age, pet’s name, or anything that could be easily guessed
Social Media Quizzes
Cybercriminals can also phish for information through social media by reviewing posts, asking questions, or offering an online quiz with targeted questions. Quiz questions to avoid include any that ask for your (or your mother’s) maiden name, your favorite color, the street you grew up on, your pets’ names, the first car you owned, or your best friend’s name.
The answers to these questions are often security answers on websites. With security information, personal accounts can be accessed for malicious intent. To prevent cybercrimes, ask your teen to refrain from taking online quizzes or you can encourage them to only take online quizzes from a legitimate source. Teaching your teen to withhold sharing personal information that could pose a security risk is vital to ensure their online safety.
Cyber Blackmail
Once a cybercriminal obtains sensitive information, they may use it to coerce a victim further. According to the BBC, “Cyber-blackmail is the act of threatening to share information about a person to the public, their friends or family unless a demand is met or money is paid.”[3] Cyber blackmail can take many forms and the cybercriminals who commit this crime use different tactics to take advantage of their victims.
Cybercriminals may even say that they have explicit photographs, access to their victim’s phone and computer’s webcam, or even recordings of them from their personal devices. Some of those claims may be true or false, but either way, the cybercriminal uses fear and shame to get what they want.[4]
To help prevent your teen from becoming a victim of cyber-blackmail;
advise them to never share sexual images of themselves (the images can end up anywhere)
advise them to not accept friend requests from strangers
advise them to be wary of things they post, share, or message others online (what they say can very well be used against them in the future)
require your teen to have private social media accounts
For more information and safety tips, we highly recommend parents to purchase our Cybersecurity & Red Flags Supplement. Dr. B created this tool because parents in her clinical and coaching practices frequently asked her to teach their kids the red flags that may alert them to the tricks of online predators, hate groups, and cyberbullies. In this Supplement, she offers her clinical teaching list so you can educate your kids. Knowledge and assertiveness coaching are key elements of child resilience and good judgment online.
Also included in the supplement is Dr. B’s Online Safety Red Flags for Parents. This tool teaches parents what child behaviors to look for that may signal they are at risk – a tool she created from 25+ years of clinical practice. Being able to recognize behavioral red flags in your child may be the difference between stopping risk after one exposure versus not recognizing dangerous relationships and exposures until it’s too late.
Thanks to CSUCI intern, Remi Ali Khan for researching cybercrimes and cybersecurity for this article.
I’m the mom psychologist who will help you GetKidsInternetSafe.
Onward to More Awesome Parenting,
Tracy S. Bennett, Ph.D.
Mom, Clinical Psychologist, CSUCI Adjunct Faculty
Photo Credits
Photo by Gerd Altmann from Pixabay
Photo by B_A from Pixabay
Photo by Pixabay from Pexles
Photo by Tracy Leblanc
Works Cited
Bennett, T. (2017). Screen Time in the Mean Time: How to Get Kids and Teens Internet Safe.
Brant, E., & Butterly, A. (2013, September 20). Cyber-blackmail: How to keep safe and deal with it. BBC Newsbeat. http://www.bbc.co.uk/newsbeat/article/23724703/cyber-blackmail-how-to-keep-safe-and-deal-with-it.
Cyber Extortion: Ransomware vs Extortionware. Alpine Security. (2020, August 2). https://alpinesecurity.com/blog/cyber-extortion-ransomware-vs-extortionware/.
The Dangers of Hacking and What a Hacker. https://www.webroot.com/us/en/resources/tips-articles/computer-security-threats-hackers.
Identity Theft. The United States Department of Justice. (2017, February 7). https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud.
KnowBe4. What Is Phishing? Phishing. https://www.phishing.org/what-is-phishing.
Kids are the number one target for identity theft due to the chances that the crime won’t be detected until the child reaches adulthood and seeks their first loan. This cybercrime involves the theft and fraudulent use of a child’s personal information (like name, social security number, address, and date of birth) to open lines of credit, take out loans, or access financial accounts. This scary issue is the drive behind developing our Cybersecurity and Red Flags Supplement, a comprehensive tool to detect online scams before the worst can happen. Find out more about cybercrime and what you can do to prevent it with this GKIS article.
Identity Theft
Identity theft can be used for many types of crimes, including:
taking out a loan
buying lines of credit
accessing the victim’s financial accounts
securing a driver’s license or employment or
seeking medical care.
Personal information can be stolen from virtual sources, like screen devices, websites, and email accounts, or in real life (IRL) from skimming information from your ATM card with a special device or stealing it from your home, wallet, trash, or mail.
Who is vulnerable?
Unsuspecting victims can be tricked into revealing private information by phishing scammers. These cybercriminals impersonate legitimate companies asking for passwords and credit information necessary to process a fake change of address form, application for credit, or to avoid an IRS tax lien or fake criminal charges.
Vulnerable populations include young people, the elderly, and immigrants or workers here on a visa.
Why is it important to check for identity theft?
Once discovered, it may take several costly months or even years to get credit and criminal records cleaned up and sorted out. Your child’s financial options may be blocked or delayed when deadlines, like college and employment, are most critical.
Can you imagine dealing with that in your overtasked, underfunded life? There are companies that offer cyber protective services and others that help you clean up the catastrophic results of cybercrime.
The Child Identity Theft Bill
In 2015, I received a phone call from Assemblymember Jacqui Irwin’s office asking for a statement about a Child Identity Theft bill (AB1553) that she is sponsoring. Asm. Irwin served as Chair of the Assembly Select Committee on Cybersecurity in Sacramento.
This bill served to “amend the Civil Code to require credit agencies to allow parents or guardians to create a new credit report for a minor child for the purpose of placing a security freeze on the child’s credit. Without a credit report to freeze, protection is difficult.” She was asking for my statement and support and wondering if I knew any child victims of identity theft.
After sending out an inquiry on my GetKidsInternetSafe Facebook page, it didn’t take long before I’d uncovered three victims who were willing to share their stories. Two involved child identity theft for financial cybercrime and the other involved identity theft on social media for cyberbullying. I’m sharing the financial theft stories to demonstrate how easy it is to become a victim and suggest steps you can take to protect your kids starting today.
Megan’s Story
My first respondent was a dad whose stepdaughter had recently graduated from nursing school. When the family went to their credit union in preparation for purchasing a car, they discovered that the stepdaughter’s credit report was pages and pages long with a sub-par (mid 5’s) credit rating.
It turned out that a criminal out of Phoenix had fraudulently opened several lines of credit with her social security number. From Sprint to multiple department stores, the crook had charged a debt of over $60,000. The family filed a police report to start the long process of calling creditors and clearing her name.
Although they had the criminal’s address, they elected not to press formal charges. When I spoke to the stepfather, he did not know whether the criminal was ever charged. He also said they never discovered how or when the fraud started, but it seemed to be a single party that may have gotten her personal information when she applied for a loan for nursing school.
The fraud seemed to stop once the credit agencies were notified, and an alert was placed on her account. Ultimately, it took the family over twenty hours of filing time plus another fifteen hours from a private credit fraud service to get her credit repaired. A year after the discovery, they had finally gotten her credit score back to the 700s with letters from the creditors with apologies. Nightmare!
Jose’s Story
The second identity fraud victim shared a truly tragic tale that has spanned over thirty years. Jose, who is 40 years old now, was 13 years old when he was first contacted by the IRS and told that he owed over $10,000 in back taxes. Despite all efforts to get clear of fraud, he still has issues like denied credit (including a first-time home buyer loan because it looked like he already owned properties) to two court-ordered paternity tests for mistaken-identity child support cases.
Jose also shared a story about being pulled over on an arrest warrant while he was on his way to becoming a priest. The officer said if it turned out he was lying about the fraud, he would arrest him and make him apologize directly to his lieutenant. He responded to the police officer that if HE was correct, the officer would have to go to church and apologize directly to his bishop. He laughed when he said the officer lived up to his promise.
Despite his resilient attitude, Jose has had to change phone numbers and bank accounts, can’t pay anything with checks, and has elected to put all property in his wife’s name. Considering the decades of victimization, he has had to endure, he goes to great lengths to protect his children’s personal information.
What can a parent do to avoid child identity theft?
Protect personal information at home with tools such as a locking mailbox, an in-home safe for storage, and a shredder for the disposal of personal documents.
Install cybersecurity safeguards on-screen media like passcodes and screensavers, firewalls, antivirus and encryption software, and secure passwords.
Educate your children about maintaining privacy and using discretion online. That means cautioning them about disclosing their name, address, school, date of birth, or any other personally identifying information in images (t-shirts with their school logo) or texting or posting. Geotagging on photos and social media should be turned off to hide location.
Setup up filtering and monitoring software and parent protection options like those from our Screen Safety Toolkit to block inappropriate contacts on the Internet and monitor your children’s activities, particularly in chat rooms, social media, texting, and instant messaging.
Teach your children about cybersecurity issues and skills to protect against hacking, phishing, and malware. Good habits include consistently downloading updates for security patches, using strong passwords and changing them often, and not clicking on embedded links or opening attachments from unknown sources.
If you are traveling…
Don’t post pictures that can reveal travel data, like boarding passes, passports, or travel or hotel vouchers. Not only can criminals benefit from knowing the details of your trip, but they may also read personal information from barcodes to steal your identity. The best option, wait until you’re home to post travel photos.
Avoid public WiFi. Hackers can access your private information using a man-in-the-middle attack (MITM). This means the criminal intercepts the link between your device and the server. This breach is like eavesdropping and can result in your private information being accessed and even altered. Malware can even be delivered to your device. A MITM attacker may set up a fake access point named similarly to the public network connection (called an “evil twin”) or engage in “packet sniffing” or “sidejacking,” which means using a tool to capture network traffic at the Ethernet frame level. Simple shoulder surfing at coffee shops or on airplanes can also result in privacy breaches. If you have to use public WiFi, practice situational awareness, and verify the WiFi name with staff at the public site. Avoid online tasks that involve private information like online banking or using private transaction information like date of birth, credit card numbers, tax IDs, or social security numbers. Always log out when using a hotspot to avoid the hacker continuing the session. Consider setting up a secure virtual private network (VPN) to encrypt inbound and outbound data. However, VPNs can decrease your bandwidth. Public WiFi may not be encrypted, but most major websites that use a password, like Amazon and PayPal, have encryption. If the URL has an “S” (for “secure”) at the end, as in HTTPS, then there’s some level of encryption.
Avoid using public computers for the same reasons it’s risky to use public WiFi. The software could be silently running in the background, thus capturing data from your online activities.
If your child is traveling with you, turn off location settings so criminals can’t intercept your location data and use it for targeted attacks. On Snapchat, this is called going “ghost mode.” Of course, if your child is on an independent walkabout, you may want to leave location services on so you can track them for safety.
Freeze your child’s credit.
Contact one of the three major credit card companies to see what kind of protection options they offer, like a credit freeze, which has been demonstrated to be one of the most effective strategies for preventing child identity theft. Each state has laws on how a credit freeze can be done. Remember, once a freeze has been implemented you must order a “thaw” on the account before applying for credit.
Equifax: This website explains what is needed to mail in the request. According to the person I spoke to there is no fee for minors.
Experian: This link explains what is needed to mail in the request. After 3 tries I gave up trying to upload the docs online. I couldn’t reach anybody, so I sent in a check for $10 plus 7.25% tax (Ventura County).
Transunion: I had better luck with Transunion when I called the number 888-909-8872. A polite and helpful representative informed me that neither of my minor children had credit files (a good start). He then offered the procedure necessary to get a free security freeze on my child’s account by mailing a letter with the following information:
Send in 2 pages: 1st page: Cover letter listing the minor info: full name, address, last four of social and file # (rep will give you) plus reason for security freeze (“Proactively protecting my child against fraud) plus requester info (parent): Full name, address, relationship. 2nd page: Official request in letter style format mentioning enclosure copy of minor’s social security card and birth certificate.
GetKidsInternetSafe was created to inform parents about proven preventative strategies before tragedy strikes. To get a head start today, check out my GKIS Connected Family Online Course.
Thanks to CSUCI intern, Remi Ali Khan for researching cybercrimes and cybersecurity for this article.
