Category Archives: facebook

5 Hidden Hashtag Risks Every Parent Needs Know

Adding hashtags to a social post has become second nature. In fact, it’s so common, few of us stop to consider that as fun and useful as hashtags can be, they can also have consequences if we misuse them.

But hashtags are more than add-ons to a post, they are power tools. In fact, when we put the pound (#) sign in front of a word, we turn that word into a piece of metadata that tags the word, which allows a search engine to index and categorize the attached content so anyone can search it. Looking for advice parenting an autistic child? Then hashtags like #autism #spectrum, or #autismspeaks will connect you with endless content tagged the same way.

Hashtags have become part of our lexicon and are used by individuals, businesses, and celebrities to extend digital influence. Social movements — such as #bekind and #icebucketchallenge — also use hashtags to educate and rally people around a cause. However, the power hashtags possess also means it’s critical to use them with care. Here are several ways people are using hashtags in harmful ways.

5 hidden hashtag risks

Hashtags can put children at risk. Unfortunately, innocent hashtags commonly used by proud parents such as #BackToSchool, #DaddysGirl, or #BabyGirl can be magnets for a pedophile. According to the Child Rescue Coalition, predators troll social media looking for hashtags like #bathtimefun, #cleanbaby, and #pottytrain, to collect images of children. CRC has compiled a list of hashtags parents should avoid using.

Hashtags can compromise privacy. Connecting a hashtag to personal information such as your hometown, your child’s name, or even #HappyBirthdayToMe can give away valuable pieces of your family’s info to a cybercriminal on the hunt to steal identities.

Hashtags can be used in scams. Scammers can use popular hashtags they know people will search to execute several scams. According to NBC News, one popular scam on Instagram is scammers who use luxury brand hashtags like #Gucci or #Dior or coded hashtags such as #mirrorquality #replica and #replicashoes to sell counterfeit goods. Cybercriminals will also search hashtags such as #WaitingToAdopt to target and run scams on hopeful parents.

Hashtags can have hidden meanings. Teens use code or abbreviation hashtags to reference drugs, suicide, mental health, and eating disorders. By searching the hashtag, teens band together with others on the same topic. Some coded hashtags include: #anas (anorexics) #mias (bulimics) #sue (suicide), #cuts (self-harm), #kush and #420 (marijuana).

Hashtags can be used to cyberbully. Posting a picture on a social network and adding mean hashtags is a common way for kids to bully one another. They use hashtags such as #whatnottowear, #losr, #yousuck, #extra, #getalife, #tbh (to be honest) and #peoplewhoshouldoffthemselves on photo captions bully or harass peers. Kids also cyberbully by making up hashtags like #jackieisacow and asking others to use it too. Another hashtag is #roastme in which kids post a photo of themselves and invite others to respond with funny comments only the humor can turn mean very quickly.

When it comes to understanding the online culture, taking the time to stay informed, pausing before you post, and trusting your instincts are critical. Also, being intentional to monitor your child’s social media (including reviewing hashtags) can help you spot potential issues such as bullying, mental health problems, or drug abuse.

The post 5 Hidden Hashtag Risks Every Parent Needs Know appeared first on McAfee Blogs.

France and Germany will block Facebook’s Libra cryptocurrency

Bad news for Facebook and its projects, France and Germany agreed to block Facebook’s Libra cryptocurrency, the French finance ministry said.

France and Germany governments announced that they will block Facebook’s Libra cryptocurrency, the news was reported by French finance ministry Bruno Le Maire.

“We believe that no private entity can claim monetary power, which is inherent to the sovereignty of nations”. reads a joint statement issued by the two governments,

“I want to be absolutely clear: in these conditions, we cannot authorise the development of Libra on European soil.” he said at a conference in Paris on virtual currencies.

French Finance Minister Bruno Le Maire explained last week the Facebook should not be allowed to operate the Libra cryptocurrency in Europe because it threatens the monetary sovereignty and financial systems of the states.

Facebook Libra cryptocurrency
Source: Coindesk.com

Facebook announced in June that it plans to launch Libra in 2020, to make it reliable the social network giant wants to use traditional currency to back Libra. 

The non-profit Libra Association include major firms such as PayPal, Visa, Stripe, Mastercard, eBay, and Uber. 

“Unlike other cryptocurrencies, which are not controlled by a central authority, Libra will not be decentralised, but will be entrusted to a Swiss-based association of major technology and financial services companies. Besides Facebook, backers of Libra include the payment companies Visa, MasterCard and PayPal, and the ride-hailing apps Lyft and Uber.” reported The Guardian.

Authorities also fear possible abuses of the Libra cryptocurrency, including money laundering, and how Facebook would prevent them.

Pierluigi Paganini

(SecurityAffairs – Facebook, cryptocurrency)

The post France and Germany will block Facebook’s Libra cryptocurrency appeared first on Security Affairs.

A bug in Instagram exposed user accounts and phone numbers

Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information.

The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name.

ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional time to address the issue. The social network giant has finally fixed the flaw.

“In putting this article together, I had the security researcher run tests on the platform and he successfully retrieved “secure” user data I know to be real. This data included users’ real names, Instagram account numbers and handles, and full phone numbers.” reads a post published by Forbes. “The linking of this data is all an attacker would need to target those users. It would also enable automated scripts and bots to build user databases that could be searched, linking high-profile or highly-vulnerable users with their contact details.”

The expert also warns that attackers could use automated scripts and bots to collect user data from the platform, linking users with their contact details.

Just a week before ZHacker13 disclosed the bug, phone numbers associated with 419 million accounts of the social network giant were exposed online.

It is not clear if the two incidents could have the same root cause.

“I found a high vulnerability on Instagram that can cause a serious data leak,” @ZHacker13 told to Forbes. “The vulnerability is still active—and it looks like Facebook are not very serious about pathing it.” Exploiting this vulnerability would enable an attacker using an army of bots and processors to build a searchable/ attackable database of users, bypassing protections protecting that data.”

The expert explained that he discovered by flaw by using the platform’s contact importer in combo with a brute-force attack on its login form.

The attack scenarios is composed of two steps:

  • The attacker carries out a brute force attack on Instagram’s login form, checking one phone number at a time for those linked to a live Instagram account.
  • The attacker finds the account name and number linked to the phone number by exploiting Instagram’s Sync Contacts feature.

A Facebook spokesman explained that his company modified the contact importer in Instagram to address the flaw.

we have changed the contact importer on Instagram to help prevent potential abuse. We are grateful to the researcher who raised this issue, and to the entire research community for their efforts.” said the spokesman.

Facebook, after initial resistance, confirmed it is evaluating to reward @ZHacker13 for reporting the bug as part of its bug bounty program.

“Facebook had also told @ZHacker13 that although the vulnerability was serious, there was internal awareness of the issue and so it was not eligible for a reward under the bounty scheme.” continues the post. “This would have set a terrible precedent and disincentivized researchers from coming forwards with similar vulnerabilities. I questioned Facebook on its decision, and the company reconsidered and told me it has “reassessed” the discovery of the bug and would reward the researcher after all. “

Facebook pointed out that there is no evidence that any user data has been abused by threat actors.  

Pierluigi Paganini

(SecurityAffairs – Instagram, hacking)

The post A bug in Instagram exposed user accounts and phone numbers appeared first on Security Affairs.

Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know

cash appsI can’t recall the last time I gave my teenage daughter cash for anything. If she needs money for gas, I Venmo it. A Taco Bell study break with the roommates? No problem. With one click, I transfer money from my Venmo account to hers. She uses a Venmo credit card to make her purchase. To this mom, cash apps may be the best thing to happen to parenting since location tracking became possible. But as convenient as these apps may be, are they safe for your family to use?

How do they work?

The research company, eMarketer, estimates that 96.0 million people used Peer-to-Peer (P2P) payment services this year (that’s 40.4% of all mobile phone users), up from an estimated 82.5 million last year.

P2P technology allows you to create a profile on a transfer app and link your bank account or credit card to it. Once your banking information is set up, you can locate another person’s account on the app (or invite someone to the app) and transfer funds instantly into their P2P account (without the hassle of getting a bank account number, email, or phone number). That person can leave the money in their app account, move it into his or her bank account, or use a debit card issued by the P2P app to use the funds immediately. If the app offers a credit card (like Venmo does), the recipient can use the Venmo card like a credit card at retailers most anywhere. 

Some of the more popular P2P apps include Venmo, Cash App, Zelle, Apple Pay, Google Wallet, PayPal.me, Facebook Messenger, and Snapcash, among others. Because of the P2P platform’s rapid growth, more and more investors are entering the market each day to introduce new cash apps, which is causing many analysts to speculate on need for paper check transactions in the future.

Are they safe?

While sending your hard-earned money back and forth through cyberspace on an app doesn’t sound safe, in general, it is. Are there some exceptions? Always. 

Online scam trends often follow consumer purchasing trends and, right now, the hot transaction spot is P2P platforms. Because P2P money is transferred instantly (and irreversibly), scammers exploit this and are figuring out how to take people’s money. After getting a P2P payment, scammers then delete their accounts and disappear — instantly

In 2018 Consumer Reports (CR) compared the potential financial and privacy risks of five mobile P2P services with a focus on payment authentication and data privacy. CR found all the apps had acceptable encryption but some were dinged for not clearly explaining how they protected user data. The consumer advocacy group ranked app safety strength in this order: Apple Pay, Venmo, Cash App, Facebook Messenger, and Zelle. CR also noted they “found nothing to suggest that using these products would threaten the security of your financial and personal data.”

While any app’s architecture may be deemed safe, no app user is immune from scams, which is where app safety can make every difference. If your family uses P2P apps regularly, confirm each user understands the potential risks. Here are just a few of the schemes that have been connected to P2P apps.

cash apps

Potential scams

Fraudulent sellers. This scam targets an unassuming buyer who sends money through a P2P app to purchase an item from someone they met online. The friendly seller casually suggests the buyer “just Venmo or Cash App me.” The buyer sends the money, but the item is never received, and the seller vanishes. This scam has been known to happen in online marketplaces and other trading sites and apps.

Malicious emails. Another scam is sending people an email telling them that someone has deposited money in their P2P account. They are prompted to click a link to go directly to the app, but instead, the malicious link downloads malware onto the person’s phone or computer. The scammer can then glean personal information from the person’s devices. To avoid a malware attack, consider installing comprehensive security software on your family’s computers and devices.

Ticket scams. Beware of anyone selling concert or sporting event tickets online. Buyers can get caught up in the excitement of scoring tickets for their favorite events, send the money via a P2P app, but the seller leaves them empty-handed.

Puppy and romance scams. In this cruel scam, a pet lover falls in love with a photo of a puppy online, uses a P2P app to pay for it, and the seller deletes his or her account and disappears. Likewise, catfish scammers gain someone’s trust. As the romantic relationship grows, the fraudulent person eventually asks to borrow money. The victim sends money using a P2P app only to have their love interest end all communication and vanish.  

P2P safety: Talking points for families

Only connect with family and friends. When using cash apps, only exchange money with people you know. Unlike an insured bank, P2P apps do not refund the money you’ve paid out accidentally or in a scam scenario. P2P apps hold users 100% responsible for transfers. 

Verify details of each transfer. The sender is responsible for funds, even in the case of an accidental transfer. So, if you are paying Joe Smith your half of the rent, be sure you select the correct Joe Smith, (not Joe Smith_1, or Joe Smithe) before you hit send. There could be dozens of name variations to choose from in an app’s directory. Also, verify with your bank that each P2P transaction registers.

Avoid public Wi-Fi transfers. Public Wi-Fi is susceptible to hackers trying to access valuable financial and personal information. For this reason, only use a secure, private Wi-Fi network when using a P2P payment app. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN).

cash apps

Don’t use P2P apps for business. P2P apps are designed to be used between friends and include no-commercial-use clauses in their policies. For larger business transactions such as buying and selling goods or services use apps like PayPal. 

Lock your app. When you have a P2P app on your phone, it’s like carrying cash. If someone steals your phone, they can go into an unlocked P2P app and send themselves money from your bank account. Set up extra security on your app. Most apps offer PINs, fingerprint IDs, and two-factor authentication. Also, always lock your device home screen.

Adjust privacy settings. Venmo includes a feed that auto shares when users exchange funds, much like a social media feed. To avoid a stranger seeing that you paid a friend for Ed Sheeran tickets (and won’t be home that night), be sure to adjust your privacy settings. 

Read disclosures. One way to assess an app’s safety is to read its disclosures. How does the app protect your privacy and security? How does the app use your data? What is the app’s error-resolution policy? Feel secure with the app you choose.

We’ve learned that the most significant factor in determining an app’s safety comes back to the person using it. If your family loves using P2P apps, be sure to take the time to discuss the responsibility that comes with exchanging cash through apps. 

The post Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know appeared first on McAfee Blogs.

Attention Facebook Users: Here’s What You Need to Know About the Recent Breach

With over 2.4 billion monthly active users, Facebook is the biggest social network worldwide. And with so many users come tons of data, including some personal information that may now potentially be exposed. According to TechCrunch, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts.

It appears that the exposed server wasn’t password-protected, meaning that anyone with internet access could find the database. This server held records containing a user’s unique Facebook ID and the phone number associated with the account. In some cases, records also revealed the user’s name, gender, and location by country. TechCrunch was able to verify several records in the database by matching a known Facebook user’s phone number with their listed Facebook ID. Additionally, TechCrunch was able to match some phone numbers against Facebook’s password reset feature, which partially reveals a user’s phone number linked to their account.

It’s been over a year since Facebook restricted public access to users’ phone numbers. And although the owner of the database wasn’t found, it was pulled offline after the web host was contacted. Even though there has been no evidence that the Facebook accounts were compromised as a result of this breach, it’s important for users to do everything they can to protect their data. Here are some tips to keep in your cybersecurity arsenal:

  • Change your password. Most people will rotate between the same three passwords for all of their accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Facebook Users: Here’s What You Need to Know About the Recent Breach appeared first on McAfee Blogs.

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool. 

Facebook Is an Open Book

They did it again this week with news that 419 million records, including phone numbers and user IDs, were scraped from Facebook and stored in a database that was just sitting online accessible to anyone who might like to peruse it. More than 130 million of those compromised by the discovery were American users. Another 18 million were UK users. A whopping 50 million hailed from Vietnam. 

Facebook later claimed about half that number were affected, or 220 million records. 

The information is at least a year old, which was when Facebook stopped allowing developers to have user phone numbers. So, we can call this a Facebook privacy facepalm legacy attack. It’s a sad state of Facebook privacy news fatigue that the urge is so strong to create privacy fail sub-categories—but there you have it. Introducing the legacy fail. 

Why It Matters

Some of the information out there was granular enough to allow a variety of scams, but the most serious is SIM-card swapping scams, where a criminal, armed with enough information about you, and most crucially your phone number, arranges to have your number moved to a phone in the criminal’s possession. 

Once the number has been transferred, the criminal has control of any accounts that are identified by caller ID (including many financial institutions) as well as any accounts protected by two-factor authentication. It is believed this was the method used to recently hack Jack Dempsey’s Twitter account. 

What You Can Do

Assume that you are a target, and tighten your protections. Your phone provider will have tips on the best practices to avoid SIM-card attacks, and common sense can be your guide regarding any unexpected phone calls, and practice the Three Ms:

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t over-share on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.

Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every month on Credit.com.) If you prefer a more laid back approach, see No. 5 above.

Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and employers.

The post Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed appeared first on Adam Levin.

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.

Chinese deepfake app Zao sparks privacy row after going viral

Critics say face-swap app could spread misinformation on a massive scale

A Chinese app that lets users convincingly swap their faces with film or TV characters has rapidly become one of the country’s most downloaded apps, triggering a privacy row.

Related: The rise of the deepfake and the threat to democracy

In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen.

Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail) pic.twitter.com/1RpnJJ3wgT

Continue reading...

How to Spring Clean Your Digital Life

With winter almost gone, now is the perfect time to start planning your annual spring clean. When we think about our yearly sort out, most of us think about decluttering our chaotic linen cupboards or the wardrobes that we can’t close. But if you want to minimise the opportunities for a hacker to get their hands on your private online information then a clean-up of your digital house (aka your online life) is absolutely essential.

Not Glamourous but Necessary

I totally accept that cleaning up your online life isn’t exciting but let me assure you it is a must if you want to avoid becoming a victim of identity theft.

Think about how much digital clutter we have accumulated over the years? Many of us have multiple social media, messaging and email accounts. And don’t forget about all the online newsletters and ‘accounts’ we have signed up for with stores and online sites? Then there are the apps and programs we no longer use.

Well, all of this can be a liability. Holding onto accounts and files you don’t need exposes you to all sorts of risks. Your devices could be stolen or hacked or, a data breach could mean that your private details are exposed quite possibly on the Dark Web. In short, the less information that there is about you online, the better off you are.

Digital clutter can be distracting, exhausting to manage and most importantly, detrimental to your online safety. A thorough digital spring clean will help to protect your important, online personal information from cybercriminals.

What is Identity Theft?

Identity theft is a serious crime that can have devastating consequences for its victims. It occurs when a person’s personal information is stolen to be used primarily for financial gain. A detailed set of personal details is often all a hacker needs to access bank accounts, apply for loans or credit cards and basically destroy your credit rating and reputation.

How To Do a Digital Spring Clean

The good news is that digital spring cleaning doesn’t require nearly as much elbow grease as scrubbing down the microwave! Here are my top tips to add to your spring-cleaning list this year:

  1. Weed Out Your Old Devices

Gather together every laptop, desktop computer, tablet and smartphone that lives in your house. Now, you need to be strong – work out which devices are past their use-by date and which need to be spring cleaned.

If it is finally time to part ways with your first iPad or the old family desktop, make sure any important documents or holiday photos are backed up in a few places (on another computer, an external hard drive AND in cloud storage program such as Dropbox and or iCloud) so you can erase all remaining data and recycle the device with peace of mind. Careful not to get ‘deleting’ confused with ‘erasing,’ which means permanently clearing data from a device. Deleted files can often linger in a device’s recycling folder.

  1. Ensure Your Machines Are Clean!

It is not uncommon for viruses or malware to find their way onto your devices through outdated software so ensure all your internet-connected devices have the latest software updates including operating systems and browsers. Ideally, you should ensure that you are running the latest version of apps too. Most software packages do auto-update but please take the time to ensure this is happening on all your devices.

  1. Review and Consolidate Files, Applications and Services

Our devices play such a huge part in our day to day lives so it is inevitable that they become very cluttered. Your kids’ old school assignments, outdated apps and programs, online subscriptions and unused accounts are likely lingering on your devices.

The big problem with old accounts is that they get hacked! And they can often lead hackers to your current accounts so it’s a no-brainer to ensure the number of accounts you are using is kept to a minimum.

Once you have decided which apps and accounts you are keeping, take some time to review the latest privacy agreements and settings so you understand what data they are collecting and when they are collecting it. You might also discover that some of your apps are using far more of your data than you realised! Might be time to opt-out!

  1. Update Passwords and Enable Two-Factor Authentication

As the average consumer manages a whopping 11 online accounts – social media, shopping, banking, entertainment, the list goes on – updating our passwords is an important ‘cyber hygiene’ practice that is often neglected. Why not use your digital spring cleaning as an excuse to update and strengthen your credentials?

Creating long and unique passwords using a variety of upper and lowercase numbers, letters and symbols is an essential way of protecting yourself and your digital assets online. And if that all feels too complicated, why not consider a password management solution? Password managers help you create, manage and organise your passwords. Some security software solutions include a password manager such as McAfee Total Protection.

Finally, wherever possible, you should enable two-factor authentication for your accounts to add an extra layer of defense against cyber criminals. Two-factor authentication is where a user is verified by opt-out password or one-off code through a separate personal device like a smart phone.

Still not convinced? If you use social media, shop online, subscribe to specialist newsletters then your existence is scattered across the internet. By failing to clean up your ‘digital junk’ you are effectively giving a set of front door keys to hackers and risking having your identity stolen. Not a great scenario at all. So, make yourself a cuppa and get to work!

Til Next Time

Alex xx

 

 

 

 

The post How to Spring Clean Your Digital Life appeared first on McAfee Blogs.

Clicks & Cliques: How to Help Your Daughter Deal with Mean Girls Online

According to a new report released by the National Center for Education Statistics (NCES), mean girls are out in force online. Data shows that girls report three times as much harassment online (21%) as boys (less than 7%). While the new data does not specify the gender of the aggressors, experts say most girls are bullied by other girls.

With school back in full swing, it’s a great time to talk with your kids — especially girls — about how to deal with cyberbullies. Doing so could mean the difference between a smooth school year and a tumultuous one.

The mean girl phenomenon, brought into the spotlight by the 2004 movie of the same name, isn’t new. Only today, mean girls use social media to dish the dirt, which can be devastating to those targeted. Mean girls are known to use cruel digital tactics such as exclusion, cliques, spreading rumors online, name-calling, physical threats, sharing explicit images of others, shaming, sharing secrets, and recruiting others to join the harassment effort.

How parents can help

Show empathy. If your daughter is the target of mean girls online, she needs your ears and your empathy. The simple, powerful phrase, “I understand,” can be an instant bridge builder. Parents may have trouble comprehending the devastating effects of cyberbullying because they, unlike their child, did not grow up under the threat of being electronically attacked or humiliated. This lack of understanding, or empathy gap, can be closed by a parent making every effort empathize with a child’s pain.

Encourage confidence and assertiveness. Mean girls target people they consider weak or vulnerable. If they know they can exploit another person publicly and get away with it, it’s game on. Even if your daughter is timid, confidence and assertiveness can be practiced and learned. Find teachable moments at home and challenge your daughter to boldly express her opinions, thoughts, and feelings. Her ability to stand up for herself will grow over time, so get started role-playing and brainstorming various ways to respond to mean girls with confidence.

Ask for help. Kids often keep bullying a secret to keep a situation from getting worse. Unfortunately, this thinking can backfire. Encourage your daughter to reach out for help if a mean girl situation escalates. She can reach out to a teacher, a parent, or a trusted adult. She can also reach out to peers. There’s power in numbers, so asking friends to come alongside during a conflict can curb a cyberbully’s efforts.

Exercise self-control. When it comes to her behavior, mean girls habitually go low, so encourage your daughter always to go high.  Regardless of the cruelty dished out, it’s important to maintain a higher standard. Staying calm, using respectful, non-aggressive language, and speaking in a confident voice, can discourage a mean girl’s actions faster than retribution.

Build a healthy perspective. Remind your daughter that even though bullying feels extremely personal, it’s not. A mean girl’s behavior reflects her own pain and character deficits, which has nothing to do with her target. As much as possible, help your daughter separate herself from the rumors or lies being falsely attached to her. Remind her of her strengths and the bigger picture that exists beyond the halls of middle school and high school.

Teach and prioritize self-care. In this context, self-care is about balance and intention. It includes spending more time doing what builds you up emotionally and physically — such as sleep and exercise — and less time doing things that deplete you (like mindlessly scrolling through Instagram).

Digitally walk away. When mean girls attack online, they are looking for a fight. However, if their audience disengages, a bully can quickly lose power and interest. Walk away digitally by not responding, unfollowing, blocking, flagging, or reporting an abusive account. Parents can also help by monitoring social activity with comprehensive software. Knowing where your child spends time online and with whom, is one way to spot the signs of cyberbullying.

Parenting doesn’t necessarily get easier as our kids get older and social media only adds another layer of complexity and concern. Even so, with consistent family conversation and connection, parents can equip kids to handle any situation that comes at them online.

The post Clicks & Cliques: How to Help Your Daughter Deal with Mean Girls Online appeared first on McAfee Blogs.

Digital Parenting: How to Keep the Peace with Your Kids Online

Simply by downloading the right combination of apps, parents can now track their child’s location 24/7, monitor their same social conversations, and inject their thoughts into their lives in a split second. To a parent, that’s called safety. To kids, it’s considered maddening.

Kids are making it clear that parents armed with apps are overstepping their roles in many ways. And, parents, concerned about the risks online are making it clear they aren’t about to let their kids run wild.

I recently watched the relationship of a mother and her 16-year-old daughter fall apart over the course of a year. When the daughter got her driver’s license (along with her first boyfriend), the mother started tracking her daughter’s location with the Life360 app to ease her mind. However, the more she tracked, the more the confrontations escalated. Eventually, the daughter, feeling penned in, waged a full-blown rebellion that is still going strong.

There’s no perfect way to parent, especially in the digital space. There are, however, a few ways that might help us drive our digital lanes more efficiently and keep the peace. But first, we may need to curb (or ‘chill out on’ as my kids put it) some annoying behaviors we may have picked up along the way.

Here are just a few ways to keep the peace and avoid colliding with your kids online:

Interact with care on their social media. It’s not personal. It’s human nature. Kids (tweens and teens) don’t want to hang out with their parents in public — that especially applies online. They also usually aren’t too crazy about you connecting with their friends online. And tagging your tween or teen in photos? Yeah, that’s taboo. Tip: If you need to comment on a photo (be it positive or negative) do it in person or with a direct message, not under the floodlights of social media. This is simply respecting your child’s social boundaries. 

Ask before you share pictures. Most parents think posting pictures of their kids online is a simple expression of love or pride, but to kids, it can be extremely embarrassing, and even an invasion of privacy. Tip: Be discerning about how much you post about your kids online and what you post. Junior may not think a baby picture of him potty training is so cute. Go the extra step and ask your child’s permission before posting a photo of them.

Keep tracking and monitoring in check. Just because you have the means to monitor your kids 24/7 doesn’t mean you should. It’s wise to know where your child goes online (and off) but when that action slips into a preoccupation, it can wreck a relationship (it’s also exhausting). The fact that some kids make poor digital choices doesn’t mean your child will. If your fears about the online world and assumptions about your child’s behavior have led you to obsessively track their location, monitor their conversations, and hover online, it may be time to re-engineer your approach. Tip: Put the relationship with your child first. Invest as much time into talking to your kids and spending one-one time with them as you do tracking them. Put conversation before control so that you can parent from confidence, rather than fear.

Avoid interfering in conflicts. Kids will be bullied, meet people who don’t like them and go through tough situations. Keeping kids safe online can be done with wise, respectful monitoring. However, that monitoring can slip into lawnmower parenting (mowing over any obstacle that gets in a child’s path) as described in this viral essay. Tip: Don’t block your child’s path to becoming a capable adult. Unless there’s a serious issue to your child’s health and safety, try to stay out of his or her online conflicts. Keep it on your radar but let it play out. Allow your child to deal with peers, feel pain, and find solutions. 

As parents, we’re all trying to find the balance between allowing kids to have their space online and still keep them safe. Too much tracking can cause serious family strife while too little can be inattentive in light of the risks. Parenting today is a difficult road that’s always a work-in-progress so give yourself permission to keep learning and improving your process along the way

The post Digital Parenting: How to Keep the Peace with Your Kids Online appeared first on McAfee Blogs.

How To Help Your Kids Manage Our ‘Culture of Likes’

As a mum of 4 sons, my biggest concerns about the era of social media is the impact of the ‘like culture’ on our children’s mental health. The need to generate likes online has become a biological compulsion for many teens and let’s be honest – adults too! The rush of dopamine that surges through one’s body when a new like has been received can make this like culture understandably addictive.

 

Research Shows Likes Can Make You Feel As Good As Chocolate!

The reason why our offspring (and even us) just can’t give up social media is because it can make us feel just so damn good! In fact, the dopamine surges we get from the likes we collect can give us a true psychological high and create a reward loop that is almost impossible to break. Research published in Psychological Science, a journal of the Association for Psychological Science, shows the brain circuits that are activated by eating chocolate and winning money are also activated when teens see large numbers of ‘likes’ on their own photos or photos of peers in a social network.

Likes and Self Worth

Approval and validation by our peers has, unfortunately, always had an impact on our sense of self-worth. Before the era of social media, teens may have measured this approval by the number of invitations they received to parties or the number of cards they received on their birthday. But in the digital world of the 21st  century, this is measured very publicly through the number of followers we have or the number of likes we receive on our posts.

But this is dangerous territory. Living our lives purely for the approval of others is a perilous game. If our self-worth is reliant on the amount of likes we receive then we are living very fragile existences.

Instagram’s Big Move

In recognition of the competition social media has become for many, Instagram has decided to trial hiding the likes tally on posts. Instagram believes this move, which is also being trialled in six other countries including Canada and New Zealand, will improve the well-being of users and allow them to focus more on ‘telling their story’ and less on their likes tally.

But the move has been met with criticism. Some believe Instagram is ‘mollycoddling’ the more fragile members of our community whilst others believe it is threatening the livelihood of ‘Insta influencers’ whose income is reliant on public displays of likes.

Does Instagram’s Move Really Solve Address our Likes Culture?

While I applaud Instagram for taking a step to address the wellbeing and mental health of users, I believe that it won’t be long before users simply find another method of social validation to replace our likes stats. Whether it’s follower numbers or the amount of comments or shares, many of us have been wired to view social media platforms like Instagram as a digital popularity contest so will adjust accordingly. Preparing our kids for the harshness of this competitive digital environment needs to be a priority for all parents.

What Can Parents Do?

Before your child joins social media, it is imperative that you do your prep work with your child. There are several things that need to be discussed:

  1. Your Kids Are So Much More Than Their Likes Tally

It is not uncommon for tweens and teens to judge their worth by the number of followers or likes they receive on their social media posts. Clearly, this is crazy but a common trend/ So, please discuss the irrationality of the likes culture and online popularity contest that has become a feature of almost all social media platforms. Make sure they understand that social media platforms play on the ‘reward loop’ that keep us coming back for more. Likes on our posts and validating comments from our followers provide hits of dopamine that means we find it hard to step away. While many tweens and teens view likes as a measure of social acceptance, it is essential that you continue to tell them that this is not a true measure of a person.

  1. Encourage Off-Line Activities

Help your kids develop skills and relationships that are not dependent on screens. Fill their time with activities that build face-to-face friendships and develop their individual talents. Whether it’s sport, music, drama, volunteering or even a part time job – ensuring your child has a life away from screens is essential to creating balance.

  1. Education is Key

Teaching your kids to be cyber safe and good digital citizens will minimise the chances of them experiencing any issues online. Reminding them about the perils of oversharing online, the importance of proactively managing their digital reputation and the harsh reality of online predators will prepare them for the inevitable challenges they will have to navigate.

  1. Keep the Communication Channels Open – Always!

Ensuring your kids really understand that they can speak to you about ANYTHING that is worrying them online is one of the best digital parenting insurance policies available. If they do come to you with an issue, it is essential that you remain calm and do not threaten to disconnect them from their online life. Whether it’s cyberbullying, inappropriate texting or a leak of their personal information, working with them to troubleshoot and solve problems and challenges they face is a must for all digital parents.

Like many parents, I wish I could wave a magic wand and get rid of the competition the likes culture has created online for many of our teens. But that is not possible. So, instead let’s work with our kids to educate them about its futility and help them develop a genuine sense of self-worth that will buffer them from harshness this likes culture has created.

Alex xx

The post How To Help Your Kids Manage Our ‘Culture of Likes’ appeared first on McAfee Blogs.

Cyber Security Roundup for July 2019

July was a month of mega data privacy fines. The UK Information Commissioners Office (ICO) announced it intended to fine British Airways £183 million for last September's data breach, where half a million BA customer personal records were compromised. The ICO also announced a £100 million fine for US-based Marriot Hotels after the Hotel chain said 339 million guest personal data records had been compromised by hackers. Those fines were dwarfed on the other side of the pond, with Facebook agreeing to pay a US Federal Trade Commission (FTC) fine of $5 billion dollars, to put the Cambridge Analytica privacy scandal to bed. And Equifax paid $700 million to FTC to settle their 2017 data breach, which involved the loss of at least 147 million personal records. Big numbers indeed, we are seeing the big stick of the GDPR kicking in within the UK, and the FTC flexing some serious privacy rights protection punishment muscles in the US. All 'food for thought' when performing cybersecurity risk assessments.

Through a Freedom of Information request, the UK Financial Conduct Authority (FCA) disclosure a sharp rise of over 1000% in cyber-incidents within UK financial sector in 2018. In my view, this rise was fueled by the mandatory data breach reporting requirement of the GDPR, given it came into force in May 2018. I also think the finance sector was reluctant to report security weakness pre-GDPR, over fears of damaging their customer trust. Would you trust and use a bank if you knew its customers were regularly hit by fraud?

Eurofins Scientific, the UK's largest forensic services provider, which was taken down by a mass ransomware attack last month, paid the cybercrooks ransom according to the BBC News. It wasn't disclosed how much Eurofins paid, but it is highly concerning when large ransoms are paid, as it fuels further ransomware attacks.

A man was arrested on suspicion of carrying out a cyberattack against Lancaster University. The UK National Crime Agency said university had been compromised and "a very small number" of student records, phone numbers and ID documents were accessed. In contrast, the FBI arrested a 33 old software engineer from Seattle, she is alleged to have taken advantage of a misconfigured web application firewall to steal a massive 106 million personal records from Capital One. A stark reminder of the danger of misconfiguring and mismanaging IT security components.

The Huawei international political rhetoric and bun fighting has gone into retreat. UK MPs said there were no technological grounds for a complete Huawei banwhile Huawei said they were 'confident' the UK will choose to include it within 5G infrastructure. Even the White House said it would start to relax the United States Huawei ban. It seems something behind the scenes has changed, this reversal in direction is more likely to be financially motivated than security motivated in my rather cynical view.

A typical busy month for security patch releases, Microsoft, Adobe and Cisco all releasing the expected barrage of security updates for their products. There was security updates released by Apple as well, however, Google researchers announced six iPhone vulnerabilities, including one that remains unpatched.

BLOG
NEWS
VULNERABILITIES AND SECURITY UPDATES
HUAWEI NEWS AND THREAT INTELLIGENCE

FOMO: How to Help Digital Kids Overcome the Feeling of Missing Out

What happens when you give hundreds of teenagers smartphones and unlimited access to chat apps and social networks 24/7? A generation emerges with a condition called Fear of Missing Out, or, FOMO. While feelings of FOMO have been around for centuries, social media has done its part to amplify it, which can cause some serious emotional fallout for teens today.

What is FOMO

FOMO is that uneasy and often consuming feeling you’re missing out on something more interesting, exciting or better than what you are currently doing. FOMO affects people of all ages in various ways since 77% of humans now own phones. However, for uber-digital teens, FOMO can hit especially hard. Seeing a friend’s Paris vacation photos on Instagram or watching friends at a party on Snapchat can spark feelings of sadness and loneliness that can lead to anxiety and even depression.

As one mom recently shared with us: “My daughter called me a few months ago saying she wanted to drop out of college and travel the world. When I asked her what sparked this and how she planned to finance her adventure, she said, ‘everyone else is doing it, so I’m sure I’ll figure it out.'”

After further discussion, the mom discovered that her daughter’s idea to drop out was a combination of intense FOMO and lack of sleep. It was exam week, the pressure was high, and scrolling Instagram made her daughter question her life choices. When exams ended, her daughter got some sleep and took a few days off of social media and remains in school today.

Signs of FOMO

  • Constantly checking social media (even while on vacation, out with friends, or attending a fun event)
  • Constantly refreshing your screen to get the latest updates and to see people’s responses to your posts
  • Feeling you need to be available and respond to your friends 24/7
  • Obsessively posting your daily activities online
  • Feeling of needing new things, new experiences, a better life
  • Feeling sad, lonely, or depressed after being on social media for extended periods of time
  • Feeling dissatisfaction with one’s life
  • Making life choices or financial decisions based on what you see online

Coaching Kids through FOMO

Nurture JOMO. The Joy of Missing Out, JOMO, is the opposite of FOMO. It’s the feeling of freedom and even relief that we’ve unplugged and are fully present in the moment. To encourage more JOMO and less FOMO, parents can help guide kids toward personal contentment with more phone-free activities such as reading, journaling, face-to-face conversations, outdoor activities, and practicing mindfulness.

Other ways to encourage JOMO: Remind kids they have choices and don’t have to say “yes” to every invitation and to ask themselves, “Is this something I really want to do?” Also, consider challenging them to turn off their phone notifications, try a digital cleanse for a day or even a week, and read and discuss this great JOMO Manifesto together. A big perk of embracing JOMO is also “missing out” on some of the digital risks such as oversharing and risks to reputation and privacy.

Keep a thought journal. Changing your thinking is hard work. Experts suggest that kids suffering from anxiety, depression, or FOMO keep a thought journal to track, analyze, and reframe negative thoughts in more realistic, honest ones. For example, an initial thought might be: “I can’t believe my friends went to the concert without me. They must not want me around.” After thinking honestly about the situation, that thought might change to: “I don’t even like that band, wouldn’t spend money to see them, and my friends know that. Anyway, I had a blast with Ashley at the movies tonight.”

Cut back on social media. Cutting back sounds like an obvious fix, right? That’s the thing about unhealthy habits — they can be very tough to break and sometimes we need help. Most kids will be quick to argue that the amount of time they spend online doesn’t impact their emotions at all but numerous studies and common sense contradict that reasoning. They say this because the thought of cutting back on their social media habits can strike panic. It’s a love-hate routine they don’t quite know how to stop and it is their go-to remedy for boredom. So persist in helping your child reduce screen time. Be creative by offering alternate activities and helping them stay on track with their goals.

Curate for quality. This tip will, no doubt, challenge your kids. You may even get a flat “no way” when you suggest it. When it comes to photo-based platforms like Instagram and Snapchat, challenge your child to think about why they follow certain friends or accounts. Challenge them to delete feeds that are not encouraging, useful, or post quality content. They may not want to reduce their friends’ list (follower and friend counts matter) but they can mute accounts so they don’t have to see content that triggers FOMO feelings.

FOMO is a very real feeling so if your child shows signs of it be sure to validate their feelings. Periodic feelings of exclusion and hurt are part of being human. Don’t, however, allow faulty, streaming perceptions to push out the true joys of real-life experiences. Be the bridge of reason for your kids reminding them that social media spotlights the best versions of people’s lives — the filtered versions — but that nothing compares to showing up and living the real adventure.

The post FOMO: How to Help Digital Kids Overcome the Feeling of Missing Out appeared first on McAfee Blogs.

4 Ways for Parents to Handle the Facebook Messenger Bug

9 out of 10 children in the U.S. between the ages of six and twelve have access to smart devices. And while parents know it’s important for their children to learn to use technology in today’s digital world, 75% want more visibility into their kids’ digital activities. This is precisely why Facebook designed Messenger Kids to empower parents to monitor their children’s safety online. However, the popular social media platform had to recently warn users of a security issue within this app for kids.

The central benefit of Messenger Kids is that children can only chat with other users their parents approve of. Yet one design flaw within the group chat feature prevented Facebook from upholding this rule. Children who started a group chat could include any of their approved connections in the conversation, even if a user was not authorized to message the other kids in the chat. As a result, thousands of children were able to connect with users their parents weren’t aware of via this flaw.

Luckily, Facebook removed the unauthorized group chats and flagged the issue to all affected users, promising that that potentially unsafe chats won’t happen again. While Facebook has not yet made a formal public response, they confirmed the bug to The Verge:

“We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats. We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”

Now, Facebook is currently working on still resolving the bug itself. However, there are still many actions parents can take to ensure that their child is safe on Facebook Messenger, and social media apps in general. Start by following these four best practices to secure your kid’s online presence:

  • Turn on automatic app updates on your child’s device. Updates usually include new and improved app features that your child will be excited to try. But more importantly, they tend to account for security bugs. Delaying updates can leave apps vulnerable to cybercriminals and turning on automatic app updates ensures that you don’t have to worry about missing one.
  • Get educated. Some parents find it helpful to use the same apps as their child to better understand how it works and what safety threats might be relevant. Facebook also offers resources online that provide guidance for staying safe, such as how and when to block a user and what kind of content is or isn’t risky to share. Additionally, it’s always a best practice to read the terms and conditions of an app before downloading to make sure you’re aware of what your child is signing up for.
  • Keep an open dialogue about online safety. It’s important to discuss your child’s online activities with them and walk them through best internet practices, such as changing passwords every so often and not clicking on links from unknown sources. That way, they’ll be better prepared for potential cyberthreats. Making the internet a part of the conversion will also help your child feel comfortable coming to you about things they might be skeptical about online.
  • Consider leveraging a security solution with parental controls. Depending on your child’s age and how much of a window you want into their online behaviors, you can leverage a solution such as McAfee Safe Family that can be helpful for creating a safe online environment. You can block certain websites and create predefined rules, which will help prevent your child from sharing comprising information.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 4 Ways for Parents to Handle the Facebook Messenger Bug appeared first on McAfee Blogs.

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance capitalism’ out of control

Related: Arron Banks threatens Netflix over Great Hack documentary

Cambridge Analytica may have become the byword for a scandal, but it’s not entirely clear that anyone knows exactly what that scandal is. It’s more like toxic word association: “Facebook”, “data”, “harvested”, “weaponised”, “Trump” and, in this country, most controversially, “Brexit”.

Cambridge Analytica didn’t decide democracy was for sale. We built this world, so we should own it

(December 11, 2015) First hint of the scandal

People have completely misunderstood the scandal as being about privacy, when it’s actually about power

The Cambridge Analytica files resulted in a multi-year investigation from the UK Information Commissioner's Office, "the most important ever", according to Elizabeth Denham, the Information Commissioner.

Continue reading...

Family Safety: Twitter, Instagram Beef Up Measures to Fight Hate Speech, Bullying

The past few weeks have proven to be wins for family safety with several top social networks announcing changes to their policies and procedures to reduce the amount of hateful conduct and online bullying.

Twitter: ‘Dehumanizing Language Increases Risk’

In response to rising violence against religious minorities, Twitter said this week that it would update its hateful conduct rules to include dehumanizing speech against religious groups.

“Our primary focus is on addressing the risks of offline harm, and research shows that dehumanizing language increases that risk . . . we’re expanding our rules against hateful conduct to include language that dehumanizes others based on religion,” the company wrote on its Twitter Safety blog.

Twitter offered two resources that go in-depth on the link between dehumanizing language and offline harm that is worth reading and sharing with your kids. Experts Dr. Susan Benesch and Nick Haslam and Michelle Stratemeyer define hate speech, talk about its various contexts, and advise on how to counter it.

Instagram: ‘This intervention gives people a chance to reflect.’ 

Instagram announced it would be rolling out two new features to reduce potentially offensive content. The first, powered by artificial intelligence, prompts users to pause before posting. For instance, if a person is about to post a cruel comment such as “you are so stupid,” the user will get a pop-up notification asking, “are you sure you want to post this?”

A second anti-bullying function new to Instagram is called “Restrict,” a setting that will allow users to indiscreetly block bullies from looking at your account. Restrict is a quieter way to cut someone off from seeing your content than blocking, reporting, or unfollowing, which could spark more bullying.

These digital safety moves by both Instagram and Twitter are big wins for families concerned about the growing amount of questionable content and bullying online.

If you get a chance, go over the basics of these new social filters with your kids.

Other ways to avoid online bullying:

Wise posting. Encourage kids to pause and consider tone, word choice, and any language that may be offensive or hurtful to another person, race, or gender. You are your child’s best coach and teacher when it comes to using social apps responsibly.

Stay positive and trustworthy. Coach kids around online conflict and the importance of sharing verified information. Encourage your child to be part of the solution in stopping rumors and reporting digital skirmishes and dangerous content to appropriate platforms.

Avoid risky apps. Apps like ask.fm allow anonymity should be off limits. Kik Messenger, Yik Yak, Tinder, Down, and Whisper may also present risks. Remember: Any app is risky if kids are reckless with privacy settings, conduct, content, or the people they allow to connect with them.

Layer security. Use a comprehensive solution to help monitor screentime, filter content, and monitor potentially risky apps and websites.

Monitor gaming communities. Gaming time can skyrocket during the summer and in a competitive environment, so can cyberbullying. Listen in and monitor game time conversations and make every effort to help him or her balance summer gaming time.

Make profiles and photos private. Require kids under 18 to make all social profiles private. By doing this, you limit online circles to known friends and reduces the possibility of cyberbullying and online conflict.

The post Family Safety: Twitter, Instagram Beef Up Measures to Fight Hate Speech, Bullying appeared first on McAfee Blogs.

5 Digital Risks to Help Your Teen Navigate this Summer

S’mores.
Sparklers.
Snow cones.
Sunburns.
Fireflies.

Remember when summer was simple? Before smartphones and social networks, there was less uploading and more unwinding; less commenting and more savoring. 

There’s a new summer now. It’s the social summer, and tweens and teens know it well. It’s those few months away from school where the pressure (and compulsion) to show up and show off online can double. On Instagram and Snapchat, it’s a 24/7 stream of bikinis, vacations, friend groups, and summer abs. On gaming platforms, there’s more connecting and competing. 

With more of summer playing out on social, there’s also more risk. And that’s where parents come in. 

While it’s unlikely you can get kids to ditch their devices for weeks or even days at a time this summer, it is possible to coach kids through the risks to restore some of the simplicity and safety to summer.

5 summer risks to coach kids through:

  1. Body image. Every day your child — male or female — faces a non-stop, digital tidal wave of pressure to be ‘as- beautiful’ or ‘as-perfect’ as their peers online. Summer can magnify body image issues for kids.
    What you can do: Talk with your kids about social media’s power to subtly distort body image. Help kids decipher the visual world around them — what’s real, what’s imagined, and what’s relevant. Keep an eye on your child’s moods, eating habits, and digital behaviors. Are comments or captions focused only on looks? If so, help your child expand his or her focus. Get serious about screen limits if you suspect too much scrolling is negatively impacting your child’s physical or emotional health.
  2. Gaming addiction. The risks connected with gaming can multiply in the summer months. Many gaming platforms serve as social networks that allow kids to talk, play, and connect with friends all day, every day, without ever leaving their rooms. With more summer gaming comes to the risk for addiction as well as gaming scams, inappropriate content, and bullying.
    What you can do: Don’t ignore the signs of excessive gaming, which include preoccupation with gaming, anger, irritation, lying to cover playing time, withdrawal and isolation, exchanging sleep for gaming. Be swift and take action. Set gaming ground rules specific to summer. Consider parental control software to help with time limits. Remember: Kids love to circumvent time limits at home by going to a friend’s house to play video games. Also, plan summer activities out of the house and away from devices.
  3. Cyberbullying. Making fun of others, threatening, name-calling, exclusion, and racial or gender discrimination are all serious issues online. With more time on their hands in the summer months, some kids can find new ways to torment others.
    What you can do: Listen in on (monitor) your child’s social media accounts (without commenting or liking). What is the tone of your child’s comments or the comments of others? Pay attention to your child’s moods, behaviors, and online friend groups. Note: Your child could be the target of cyberbullying or the cyberbully, so keep your digital eyes open and objective.
  4. Smartphone anxiety. Anxiety is a growing issue for teens that can compound in the summer months if left unchecked. A 2018 survey from the Pew Research Center reveals that 56 percent of teens feel anxious, lonely, or upset when they don’t have their cell phones.
    What you can do:
    Pay attention to your child’s physical and emotional health. Signs of anxiety include extreme apprehension or worry, self-doubt, sleeplessness, stomach or headache complaints, isolation, panic attacks, and excessive fear. Establish screen limits and plan phone-free outings with your child. Set aside daily one-on-one time with your child to re-connect and seek out professional help if needed.
  5. Social Conflict. More hours in the day + more social media = potential for more conflict. Digital conflict in group chats or social networks can quickly get out of hand. Being excluded, misunderstood, or criticized hurts, even more, when it plays out on a public, digital stage.
    What you can do: While conflict is a normal part of life and healthy friendships, it can spiral in the online space where fingers are quick to fire off responses. Offer your child your ears before your advice. Just listen. Hear them out and (if asked) help them brainstorm ways to work through the conflict. Offer options like responding well, not engaging, and handling a situation face-to-face. Avoid the temptation to jump in and referee or solve.

Summer doesn’t have to be stressful for kids, and the smartphone doesn’t have to win the majority of your child’s attention. With listening, monitoring, and timely coaching, parents can help kids avoid common digital risks and enjoy the ease and fun of summer. 

The post 5 Digital Risks to Help Your Teen Navigate this Summer appeared first on McAfee Blogs.

Are Your Kids Part of the TikTok App Craze? Here’s What Parents Need to Know

What phone app has over 150 million active users and more than 14 million uploads every day? You might guess Facebook, Instagram, or Snapchat, but you’d be wrong. Meet TikTok — a video app kids are flocking to that is tons of fun but also carries risk.

What Is It?

TikTok is a free social media app that allows users to create and share short 15-second videos set to favorite music. If your child was a fan of Musical.ly, then he or she is probably active on TikTok since Musical.ly shut down last year and moved all of its users to TikTok. Kids love the app because it’s got all the social perks — music, filters, stickers — and the ability to amass likes and shares (yes, becoming TikTok-famous is an aspiration for some).

The Upside

There are a lot of positive things about this app. It’s filling the void of the sorely missed Vine app in that it’s a fun hub for video creation and peer connection. Spending time on TikTok will make you laugh out loud, sing, and admire the degree of creativity so many young users put into their videos. You will see everything from heartfelt, brave monologues, to incredible athletic stunts, to hilarious, random moments in the lives of teens. It’s serious fun.

Another big positive is the app appears to take Digital Wellbeing (tools in the app that encourage screen time), privacy, and online safety seriously. Its resources tab is rich with tips for both parents and kids.

The (Potential) Downside

As with any other social app, TikTok carries inherent risks, as reported by several news sources, including ABC.

For instance, anyone can view your child’s videos, send a direct message, and access their location information. And, while TikTok requires that users are at least 13 years old to use the app and anyone under 18 must have parent’s approval, if you browse the app, you’ll quickly find that plenty of preteens are using it. A predator could easily create a fake account or many accounts to strike up conversations with minors.

Another danger zone is inappropriate content. While a lot of TikTok content is fun and harmless, there’s a fair share of the music that includes explicit language and users posting content that should not be viewed by a young audience.

And, wherever there’s a public forum, there’s a risk of cyberbullying. When a TikTok user posts a video, that content instantly becomes open for public comment or criticism and dialogue can get mean.

Talking Points for Families

Most social media apps have an inherent risk factor because the world wide web is just that — much of the planet’s population in the palm of your child’s hand. Different age groups and kids will use apps differently. So, when it comes to apps, it’s a good idea to monitor how your child uses each app and tailor conversations from there.

  • Download the app. If your child uses TikTok, it’s a good idea to download the app too. Look around inside the community. Analyze the content and the culture. Are the accounts your child follows age appropriate? Are the comments and conversations positive? Does your child know his or her followers? Is your child posting appropriately?
  • Talk about the risks. Spend time with your child and watch how he or she uses TikTok. Let them teach you why they love it. Encourage creativity and fun, but don’t hesitate to point out danger zones and how your child can avoid them.
  • Monitor direct messages. This may seem invasive, but a lot of the safety threats to your child take place behind the curtain of the public feed in direct messages. Depending on the age of your child (and the established digital ground rules of your family) consider requiring access to his or her account.
  • Adjust settings. Make sure to click account settings to ‘private’ so only people your child knows can access his or her content and send direct messages. Also, turn off location services and consider getting comprehensive security software for all family devices.

Apps are where the fun is for kids so you can bet your child will at least check out buzz-worthy platforms like TikTok. They may browse, or they may become content creators. Your best social monitoring tool is to keep an open dialogue with your child. Keep talking with your kids about what’s going on in their digital life — where they hang out, who their friends are, and what’s new.  You may get some resistance but don’t let that stop you from doing all you can to keep your family safe online.

The post Are Your Kids Part of the TikTok App Craze? Here’s What Parents Need to Know appeared first on McAfee Blogs.

Breaches and Bugs: How Secure are Your Family’s Favorite Apps?

app safety

app safetyIs your family feeling more vulnerable online lately? If so, you aren’t alone. The recent WhatsApp bug and social media breaches recently have app users thinking twice about security.

Hackers behind the recent WhatsApp malware attack, it’s reported, could record conversations, steal private messages, grab photos and location data, and turn on a device’s camera and microphone. (Is anyone else feeling like you just got caught in the middle an episode of Homeland?)

There’s not much you and your family can do about an attack like this except to stay on top of the news, be sure to share knowledge and react promptly, and discuss device security in your home as much as possible.

How much does your family love its apps? Here’s some insight:

  • Facebook Messenger 3.408 billion downloads
  • WhatsApp 2.979 billion downloads
  • Instagram 1.843 billion downloads
  • Skype 1.039 billion downloads
  • Twitter 833.858 million downloads
  • Candy Crush 805.826 million downloads
  • Snapchat 782.837 million downloads

So, should you require your family to delete its favorite apps? Not even. A certain degree of vulnerability comes with the territory of a digital culture.

However, what you can and should do to ease that sense of vulnerability is to adopt proactive safety habits — and teach your kids — to layer up safeguards wherever possible.

Tips to Help Your Family Avoid Being Hacked

Don’t be complacent. Talk to your kids about digital responsibility and to treat each app like a potential doorway that could expose your family’s data. Take the time to sit down and teach kids how to lock down privacy settings and the importance of keeping device software updated. Counsel them not to accept data breaches as a regular part of digital life and how to fight back against online criminals with a security mindset.

Power up your passwords. Teach your kids to use unique, complex passwords for all of their apps and to use multi-factor authentication when it’s offered.

Auto update all apps. App developers regularly issue updates to fix security vulnerabilities. You can turn on auto updates in your device’s Settings.

Add extra security. If you can add a robust, easy-to-install layer of security to protect your family’s devices, why not? McAfee mobile solutions are available for both iOS and Android and will help safeguard devices from cyber threats.

Avoid suspicious links. Hackers send malicious links through text, messenger, email, pop-ups, or within the context of an ongoing conversation. Teach your kids to be aware of these tricks and not to click suspicious links or download unfamiliar content.

Share responsibly. When you use chat apps like WhatsApp or Facebook Messenger, it’s easy to forget that an outsider can access your conversation. Remind your children that nothing is private — even messaging apps that feel as if a conversation is private. Hackers are looking for personal information (birthday, address, hometown, or names of family members and pets) to crack your passwords, steal your identity, or gain access to other accounts.

What to Do If You Get Hacked

If one of your apps is compromised, act quickly to minimize the fallout. If you’ve been hacked, you may notice your device running slowly, a drain on your data, strange apps on your home screen, and evidence of calls, texts or emails you did not send.

Social media accounts. For Facebook and other social accounts, change your password immediately and alert your contacts that your account was compromised.

Review your purchase history. Check to see if there are any new apps or games installed that you didn’t authorize. You may have to cancel the credit card associated with your Google Play or iTunes account.

Revoke app access, delete old apps. Sometimes it’s not a person but a malicious app you may have downloaded that is wreaking havoc on your device. Encourage your kids to go through their apps and delete suspicious ones as well as apps they don’t use.

Bugs and breaches are part of our digital culture, but we don’t have to resign ourselves to being targets. By sharing knowledge and teaching kids to put on a security mindset, together, you can stay one step ahead of a cybercrook’s digital traps.

The post Breaches and Bugs: How Secure are Your Family’s Favorite Apps? appeared first on McAfee Blogs.

Cyber Security Roundup for April 2019

The UK government controversially gave a green light to Huawei get involved with the building of the UK's 5G networks, although the Chinese tech giant role will be limited to non-sensitive areas of the network, such as providing antennas. This decision made by Theresa May came days after US intelligence announced Huawei was Chinese state funded, and amidst reports historical backdoors in Huawei products, stoking up the Huawei political and security row even further this month, and has resulted in the UK Defence Secretary, Gavin Williamson, being sacked. 
The National Cyber Security Centre (NCSC) launched a free online tool called "Exercise in a Box", designed by the UK cyber intelligence boffins to help organisations prepare in managing major cyber attacks.  The premise, is the tool will help UK organisations avoid scenarios such as the 2017’s Wannacry attacks, which devastated NHS IT systems and placed patient lives at risk.
 
German drug manufacturing giant, Beyer, found a malware infection, said to originate from a Chinese group called "Wicked Panda".  The malware in question was WINNIT, which is known in the security industry and allows remote access into networks, allowing hackers to deliver further malware and to conduct exploits. In my view, the presence of WINNIT is a sure sign a covert and sustained campaign by a sophisticated threat actor, likely focused on espionage given the company's sector.  Beyer stressed there was no evidence of data theft, but were are still investigating. 
 
Another manufacturing giant severely hit by a cyber attack this month was Aebi Schmidt. A ransomware outbreak impacted its business' operations globally, with most of the damage occurring at their European base. The ransomware wasn't named, but it left multiple Windows systems, on their presumably flat network infrastructure, paralyzed.
 
Facebook may have announced the dawn of their "privacy evolution" at the end of April, but their privacy woes still continue, after Upguard researchers found and reported 540 Million Facebook member records on an unsecured AWS S3 bucket. The "Cultura Colectiva" dataset contained 146GB of data with 540 million records showing comments, likes, reactions, account names, Facebook IDs and more. Looks like Facebook really have their work cut in restoring their consumer's faith in protecting their privacy.
 
UK businesses saw a significant increase in cyber attacks in 2019 according to a report by insurer Hiscox, with 55% of respondents reporting they had faced a cyber attack in 2019, up from 40% from last year.
 
A survey by the NCSC concluded most UK users are still using weak passwords. Released just before CyberUK 2019 conference in Glasgow, which I was unable attend due work commitments, said the most common password on breached accounts was"123456", used by 23.2 million accounts worldwide. Next on the list was "123456789" and "qwerty", "password" and "1111111".  Liverpool was the most common Premier League Football team used as a password, with Blink 182 the most common music act. The NCSC also published a separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. So password still remains the biggest Achilles' heel with our security.

The UK hacktivist threat came back to the fore this month, after the Anonymous Group took revenge on the UK government for arresting WikiLeaks founder Julian Assange, by attacking Yorkshire Councils. I am not sure what Yorkshire link with Assange actually is, but the website for Barnsley Council was taken down by a DDoS attack, a tweet from the group CyberGhost404 linked to the crashed Barnsley Council website and said "Free Assange or chaos is coming for you!". A tweet from an account called 'Anonymous Espana' with an image, suggested they had access to Bedale Council's confidential files, and were threatening to leak them. 
 
Microsoft Outlook.com, Hotmail and MSN users are reported as having their accounts compromised. TechCrunch revealed the breach was caused due to the hackers getting hold of a customer support tech's login credentials. Over two million WiFi passwords were found exposed on an open database by the developer of WiFi Finder. The WiFi Finder App helps to find and log into hotspots.  Two in every three hotel websites leak guest booking details and personal data according to a report. Over 1,500 hotels in 54 countries failed to protect user information.
 
Finally, but not lest, a great report by Recorded Future on the raise of the dark web business of credential stuffing, titled "The Economy of Credential Stuffing Attacks". The report explains how low-level criminals use automated 'checkers' tools to validate compromised credentials, before selling them on.

I am aware of school children getting sucked into this illicit world, typically starts with them seeking to take over better online game accounts after their own account is compromised, they quickly end up with more money than they can spend. Aside from keeping an eye on what your children are up to online as a parent, it goes to underline the importance of using unique complex passwords with every web account (use a password manager or vault to help you - see password security section on the Security Expert website). And always use Multi-Factor Authentication where available, and if you suspect or have are informed your account 'may' have compromised, change your password straight away.

BLOG
 NEWS
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS

Cyber Security Roundup for March 2019

The potential threat posed by Huawei to the UK national infrastructure continues to be played out. GCHQ called for a ban on Huawei technology within UK critical networks, such as 5G networks, while Three said a Huawei ban would delay the UK 5G rollout, and the EU ignored the US calls to ban Huawei in 5G rollouts, while promoting the EU Cybersecurity certification scheme to counter the Chinese IT threat, which is all rather confusing.  Meanwhile, Microsoft Researchers found an NSA-style Backdoor in Huawei Laptops, which was reported to Huawei by Microsoft, leading to the flaw being patched in January 2019.
A serious security flaw placed Royal Bank of Scotland (RBS) customers at risk. The vulnerability was discovered by PenTest Partners in the bank provided 'Heimdal Thor', security software, which was meant to protect NatWest customers from cyber-attacks but actually permitted remote injection commands at the customer's endpoint. PenTest Partners said "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details. To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public wi-fi out there, and it's often all too easy to compromise home wi-fi setups.
 
Facebook made negative security headlines yet against after they disclosed that 20,000 of their employees had access to hundreds of millions of their user account passwords for years.

One of the world’s biggest aluminium producers, 
Norsk Hydrosuffered production outages after a ransomware outbreak impacted its European and US operations.  Damages from ransomware attack on Norsk Hydro reach as high as $40M.

Citrix disclosed a security breach of its internal network may have compromised 6Tb of sensitive data. The FBI had told Citrix that international cyber criminals had likely gained access to its internal network. Citrix said in a statement it had taken action to contain the breach, “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI”.  According to security firm Resecurity, the attacks were perpetrated by Iranian-linked group known as IRIDIUM.

Credit monitoring Equifax admitted in a report it didn't follow its own patching schedule, neglecting to patch Apache Struts which led to a major 2017 breach which impacted 145 million people.  The report also said Equifax delayed alerting their customers for 6 weeks after detecting the breach.

ASUS computers had backdoors added through its software update system, in an attack coined “ShadowHammer”. Kaspersky researchers estimated malware was distributed to nearly a million people, although the cybercriminals appeared to have only targeted 600 specific devices. Asus patched the vulnerability but questions still remain.


The top 10 biggest breaches of 2018 according to 4iQ were:
  1. Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
  2. Aadhaar, India – (Open third party device) 1.1 billion people affected
  3. Marriott Starwood Hotels – (Hacked) 500 million guests PII
  4. Exactis – (Open device) 340 million people and businesses.
  5. HuaZhu Group – (Accidental Exposure) 240 million records
  6. Apollo – (Open device) 150 million app users.
  7. Quora – (Hacked) 100 million users.
  8. Google+ – (API Glitch) 52.2 million users.
  9. Chegg – (Hacked) 40 million accounts 
  10. Cathay Pacific Airways (Targeted attack) 9.4 million passengers.
Barracuda Networks reported the top 12 phishing email subject lines, after they analysed 360,000 phishing emails over a three-month period.
BLOG
NEWS

Learning from the Big Data Breaches of 2018

Guest article by Cybersecurity Professionals

What can we learn from the major data breaches of 2018?
2018 was a major year for cybersecurity. With the introduction of GDPR, the public’s awareness of their cyber identities has vastly increased – and the threat of vulnerability along with it. The Information Commissioner’s Office received an increased number of complaints this year and the news was filled with reports of multi-national and multi-millionaire businesses suffering dramatic breaches at the hand of cybercriminals.

2018 Data Breaches
Notable breaches last year include:

5. British Airways
The card details of 380,000 customers were left vulnerable after a hack affected bookings on BA’s website and app. The company insists that no customer’s card details have been used illegally but they are expected to suffer a major loss of money in revenue and fines as a result of the attack.

4. T-Mobile
Almost 2 million users had their personal data, including billing information and email addresses accessed through an API by an international group of hackers last August.

3. Timehop
A vulnerability in the app’s cloud computing account meant that the names and contact details of 21 million users were affected on Timehop. The company assured users that memories were only shared on the day and deleted after, meaning that the hackers were not able to access their Facebook and Twitter history.

2. Facebook & Cambridge Analytica
One of the most sensationalised news stories of the last year, Facebook suffered a string of scandals after it was released that analytics firm Cambridge Analytica had used the Facebook profile data of 87 million users in an attempt to influence President Trump’s campaign and potentially aid the Vote Leave campaign in the UK-EU referendum.

1. Quora
After a “malicious third party” accessed Quora’s system, the account information, including passwords, names and email addresses, of 100 million users was compromised. The breach was discovered in November 2018.

GDPR
As the UK made the switch from the Data Protection Act to GDPR, businesses and internet users across the country suddenly became more aware of their internet identities and their rights pertaining to how businesses handled their information.

With the responsibility now firmly on the business to protect the data of UK citizens, companies are expected to keep a much higher standard of security in order to protect all personal data of their clients.

How many complaints to the ICO?
Elizabeth Denham, the UK’s Information Commissioner, said that the year 2017-18 was ‘one of increasing activity and challenging actions, some unexpected, for the office’.

This is shown in an increase in data protection complaints by 15%, as well as an increase in self-reported breaches by 30%. Since this is the first year of GDPR, it is expected that self-reported breaches have increased as businesses work to insure themselves against much higher fines for putting off their announcement.

The ICO also reports 19 criminal prosecutions and 18 convictions last year and fines totalling £1.29 million for serious security failures under the Data Protection Act 1998. The office has assured that they don’t intend to make an example of firms reporting data breaches in the early period of GDPR but as time goes on, leniency is likely to fade as businesses settle into the higher standards.

What does it mean for SMEs?
With 36% of SMEs having no cybersecurity plan, the general consensus is that they make for unpopular targets. However, with the GDPR, the responsibility is on the business to protect their data so being vulnerable could result in business-destroying costs. Considering the cost to businesses could total the higher of 2% of annual turnover or €10 million, data protection is of paramount importance to small businesses.

How exposed are we in the UK?
At 31%, our vulnerability rating is higher than the Netherlands, Germany, Estonia (30%) and Finland (29%), but the UK is a more likely target for cybercriminals looking to exploit high tech and financial services industries, which are some of the most vulnerable across Great Britain.

Despite a higher level of vulnerability, the UK has one of the largest cyber security talent pools, showing there is time and manpower being dedicated to the protection of our data online.

https://www.cybersecurity-professionals.com/blog/2019/03/01/cybercrime-in-the-uk-infographic/