Teens and children today spend a vast amount of time online. From school projects to social media, Common Sense Media estimates that, tweens, ages 8 to 12, spend an average of six hours online, and older teens spend even more.
With students spending so much of their lives online, it’s important they understand the potential risks that come along with it, particularly phishing. Phishing is one of the many cyber threats that can impact a school – ransomware has also been a growing issue. In 2019, over 500 schools fell victim to ransomware attacks and 400 schools also experienced phishing attacks.
“Phishing is the fraudulent practice of sending emails purporting to be from legitimate companies to induce individuals to disclose private data, such as passwords and other sensitive information,” explained Tom Cameron, SLED Senior Sales Engineer at Cylance.
Schools house personal data that hackers look for. These growing attacks highlight the need for cyber education as well as a stronger cybersecurity posture in schools. With limited resources and usually an even smaller IT department, schools must look towards technology and education to keep students and data safe.
“You need to think like an attacker so that you can provide employee training around phishing and the dangers it presents. This may be time consuming but cleaning up after a breach is far more so,” he said.
K-12 schools should stay aware of threat trends. In a recent blog, Ayla Madison, a teen from ISECOM’s Hacker Highschool project, shared her thoughts on phishing and the three surprising ways teens are getting hacked that schools should take into consideration.
“The fact that a phisher could imitate exactly what the login information page looked like was a shock to my schoolmates and, to be fair, to me too,” she said referencing a spam Instagram page.
Today, hackers are stealthy. They can create pages that look almost identical to the original luring in teens. Another social scam that Madison shared were apps that promise to increase followers and engagement on social accounts but instead steal the valuable information that is housed inside.
Video Game Rewards
“A while back, many people played the game Episode and would spend lots of money on gems and tickets, which made the game more fun,” Ayla explained. “Phishers knew this, and around 2016 many videos were uploaded to YouTube claiming that there was a website that could hack the game for you and get you unlimited free gems and tickets. Supposedly this was safe and perfectly legal.”
However, that was far from the case. Ayla herself even clicked one of the links promising unlimited rewards. Once she saw that the rewards required personal information like name and address, she knew to get out.
“Long story short, phishers can easily take advantage of teens by exploiting their desire for free items for their favorite games,” she said. “Certainly, this could catch out adults too, but several studies demonstrated that teens and young adults are far more likely not to exercise caution and fall for trips like this, especially because we have this unrealistic sense of what is trustworthy and what isn’t.”
You might think it would be easy to spot a phishing email by design or language. “But a phisher determined to access your online info would study all of these things beforehand, so just by letting our gut tell us if it’s our friend or not is what gets us in the trap in the first place,” Ayla explained.
“Using a fake email most definitely is a good way to get teens to give all sorts of information to the phisher, just because we prefer to trust our gut rather than using actual research on the cause,” Madison added.
Teens are shown to be extremely vulnerable to phishing scams. It’s important for teachers, mentors, and parents to discuss safe online practices with teens.
Interested in learning more? Click here.