Category: Online Safety for Kids

Guide to Protecting Children Against a Session Hijacking Attack

Protecting Children Against a Session Hijacking Attack

With just about every child using the internet these days, combined with the steady stream of new technological advancements coming out every year, the challenge of controlling what your kids do online is not going to get any easier.  Staying on top of online safety for kids is top concern for every parent, but not all take the time to stay informed.

Whether by using mobile devices, watching YouTube videos, taking online classes, texting friends or family, online gaming or browsing through social media platforms, there are growing number of ways your child is connecting interacting to the internet.   The graph below shows how kids used the internet last year.

types of kids internet usage

Just when you think you’re up to date on the latest security threats, something new comes along.  Often, issues come to light that are not new but no one seems to be focusing on them, such as preventing a session hijacking attack.  Safe Search Kids has your back, so let’s dive in.

Ultimate Guide on Session Hijacking Attack

There are significant benefits your kids will get by allowing them to stay online. The internet gives them exposure to the outside world. Your child will get to learn a lot through the internet.

However, it is also important to note that, while it is recommended that you allow your kids to use the internet, you should limit them and protect them against threats. Just like adults, kids are susceptible to several internet threats.

Session hijacking attacks are common these days, and they are one of the major attacks that your kids are vulnerable to. Most parents are faced with a heavy huddle trying to protect their kids against such an attack. If you are such a parent, worry no more.  This guide is an excellent read that will show you how to protect your children against a session hijacking attack.

Know What a Session Hijacking Is

I bet your child probably doesn’t know what a session hijacking is. They don’t even know if it exists. It happens when an attacker takes over your internet session. For instance, assume your child is using a smartphone to browse through the internet.  They have a favorite educational platform where they can read through various educational articles and undertake several activities. A lot will happen between the time you log in and when you log out.

For instance, hackers can obtain or generate your child’s session ID while the session is in progress.  The attacker will use the session ID to take over your child’s session, steal their sensitive data, distort their progress on educational websites, perform malicious money transfers, among many other evils.

To properly shield your kids against a session hijacking attack, you need to establish the root cause of the problem.  In essence, you must know the types of session-hijacking techniques that hackers could use to target your kids.

Session Hijacking Techniques

Session hijackers usually have a few techniques of choice to undertake a session hijack. They can choose to work with them individually or combine all of them. Here are some of the session-hijacking methods that attackers could use.

1.     Cross-Site Scripting

A malicious attacker can use cross-site scripting (XSS) to trick your child’s device into executing a malicious code masquerading as a genuine code. The XSS attacker will allow the session hijacker to have a copy of the cookie they need to perform a malicious action.

2.     Brute Force Attack

A hacker can hijack your child’s session by literally guessing a session key. Websites or applications that use a predictable or sequential pattern in their session keys are vulnerable to brute force attacks.

Brute force attack was the most dominant session hijacking technique in the past. However, applications and websites are now using randomly generated and complex session keys that offer considerable resistance against brute force attacks.

3.     Session Fixation

Session hijackers can sometimes craft a disguised session to trick your child into authenticating to a malicious server.

For instance, social engineering attacks such as phishing could effectively persuade your kids to click on a link or download an attachment that takes them to an unknown session cookie.

The session hijacker can then use the known session ID to hijack your child’s session.

4.     Session Side Jacking

Session side jacking is where an attacker uses a packet sniffer to steal a session cookie.

Typically, websites use SSL certificates to encrypt data on their pages. However, some websites do not use site-wide authentication, leaving their data vulnerable to interceptions by malicious intruders.

The moment the intruders lay their hands-on session cookies, they can hijack your child’s sessions to conduct malicious operations. For instance, an intruder can target children connected to an unsecured Wi-Fi to read through data.

5.     Malware Injection

Some malware is specifically designed to steal cookies. For instance, when your child is tricked into clicking on a malicious link or downloading an unsolicited file, the malware will scan through the network and traffic to collect session cookies which they can use to hijack your child’s session.

Ways to Stop Session Hijacking Attacks

Any effort to protect your kids against these threats will also help shield them against session hijackers.

Do you wish to know how to prevent session hijacking? The following are some of the measures you can take to protect your kids against session hijacking attacks.

1.     Do Not Allow Them to Use Public Wi-Fi

In session hijacking, unsecured public Wi-Fi could be the culprit that gives hijackers a direct ticket into your kid’s session.

It would be best if you never let your child use public Wi-Fi. There might be a cybercriminal nearby using packet sniffing to try and steal session cookies and compromise the data and online accounts.

2.     Ensure they use a Virtual Private Network

Using a Virtual Private Network will help your kids stay safe and keep hackers outside sessions if installed on the device being used.  A VPN will mask your child’s IP address and keep their browsing activities private.  VPN’s creates a secure tunnel through which all online activities will have to travel. It works by encrypting all data, thereby keeping it safe from hackers.

3.     Provide Them with an Anti-Malware Software

Children usually act without contemplating the consequences of their actions. For example, when a hacker sends them a malicious link, they will rush to download the link without giving it a second thought.

The best way to stop malware attacks is to buy them anti-malware software. You should also know some of the tips that will protect them against malware attacks.

4.     Countercheck on the Security of Their Website and Web Application

Parents must be vigilant to continually counter check their kids security posture.

It is also important to educate them on some of the various internet scams they are vulnerable to and how to safeguard themselves against such scams.

Session hijackers might be targeting your child.  It’s a scary thought but with the proper knowledge and tools you can make every online experience a safe and positive one for your kids, as well as yourself.  Spread the word and share this article with friends and family.  Session hijacking is a major security threat than many parents are not aware of.

How Your Child’s Data Is More Important Than You Think

Girl on Phone on Social Media

Last year, millions of students, parents, and teachers were forced to make the difficult transition to online learning. The abruptness of this transition meant that most of the attention was placed on creating a system that was functional and far too little effort was allocated to cybersecurity.

The danger here is that this oversite combined with the drastic increase in remote learning puts millions of children at risk from privacy concerns that even parents and teachers may not even know exist.

Old Privacy Concerns

The harrowing truth is that these privacy concerns are not new. In fact, the FBI has warned the pre-university students face a number of cybersecurity risks that include the exposure of their personal identifiers, biometric data, school information, location, browser history, IP addresses, and many other data that should be closely guarded.

What Exactly Can a Criminal Do with This Data?

While your child’s data may not seem like a valuable resource, there’s so much a criminal can do with your child’s data. The most prevalent use of a child’s stolen data is in the creation of a synthetic identity, which is a “unique” identity created by piecing together bits of data from a collection of different individuals. These identities are then paired with an unused Social Security number.

How Does This Harm My Child?

As absurd as it may sound, there are limited measures that can prevent a fraudster from applying for credit through an underage Social Security number. Once a fraudster has access to a credit line, they can begin to undermine your finances right from under your nose by building credit, gaining account access, and by amassing heart-rending debts over time.

The primary purpose of using children’s data for this type of fraud is that parents don’t generally check their child’s credit reports or teach their kids about identify theft prevention.

The worst part is that this security compromise can go unnoticed until the child (now a young adult) tries to apply for a student loan, a credit line, or a car loan. Criminals can wreak havoc on your finances in a matter of minutes. Imagine what they can do with several years.

Can I Protect My Child?

Fortunately, this threat can be averted by establishing good internet security habits at home. Many of these habits, such as the use of strict privacy app settings, enabling two-factor authentication, and the use of antivirus software, are general safety practices that every citizen ought to know by now. Other measures function as an additional security layer for when you use your device as a conduit of data, as is the case in remote learning and in remote working setups. Parents aren’t hopelessly vulnerable to these attacks, but even a single security lapse can cost you dearly.

This Threat Will Only Worsen in The Near Future

Even when this problem seems as bad as it already is, the threat to data privacy will only become worse with the advent of data-focused technologies such as artificial intelligence and the internet of things.

Artificial intelligence will require a lot of raw data before it can function the way it was intended to – which is to be able to assimilate new information to alter its processes on its own. This can easily become an excuse to collect data from users, especially from those who choose to opt into the services that are provided by these programs.

The introduction of the internet of things into the consumer market will mean that there will be a sudden and drastic increase in the devices that will be able to collect data from their users, which will make it much more difficult to control the flow of data, especially when children are involved. We cannot yet implement security measures for a problem that has not arisen, but the one thing that’s sure to happen is that things will only become more complicated, which is why it’s important to establish good data security habits as early as now.

Remember, even when your child’s data may not seem like much, it can be used to devastating effect by criminals. Your child’s data is more important than you might think; be sure you guard it accordingly.

Safe Instagram for Teens – A Detailed Parent’s Guide

Instagram Privacy for Kids

One of a parent’s nightmares is to see their child falling into the nippers of social media platforms, especially Instagram.  When people are not aware of its hidden dangers, they can lose money, become victims of data theft, and even get blackmailed.

Let’s have a closer look at Instagram dangers no one talks about.

Safety Concerns for Your Teen on Instagram

Before we talk about ways to keep your kids safe on Instagram, let’s talk about the dangers that are eyeing for your teens:

  • Every one in ten Instagram accounts is fake, created either to steal the data or inject a virus/malware into the targeted device.
  • A recent Pew survey revealed that around 59% of teens had been bullied online. Every one in five teens has been bullied on Instagram.
  • Recent research from Arkose Lab revealed that 27% of social media transactions happened between January 2020 and March 2020.
  • Instagram has been a favorite place for hackers and scammers from the day it was launched. Scams of all sorts like job scams, romance scams, shopping scams, and the like often happen on Instagram.

The above-mentioned data is adequate to give a glimpse of what dangers Instagram possesses secretively. Now, let’s come to the point and talk about ways to deal with them.

Educate Your Children about the Dangers

We know it seems complicated, but every parent must educate their children about all these perils of Instagram and social media. Make them understand that they must not follow or accept the following request from a random or unknown account. Make them aware of all the unseen dangers. Awareness is the tool to deal with any kind of hassles.

Stay in Loop

To know what your child is doing on Instagram, you must first be on the platform and keep a close watch. We know you will already have an Instagram. If you and your child follow each other, then you’re doing great. If not, then do it today.

Make Most of Instagram Assistance

Instagram itself is aware of the dangers and offers tons of tools to stay safe as much as possible. Don’t worry; these are some minor settings and filters. So, your teen child will have no worries about implementing these. Here are some of them.

Account (Private or Public)

Instagram allows you to control the account’s identity and footprint. Any Instagram account can be either private or public. No one can access private accounts. Pictures and posts will be locked. Only the followers will be able to see them.

On the other hand, public accounts are accessible to everyone.

Anyone can view the posts, share the pictures, and send text messages. Clearly, a private account is a safer way to have an Instagram presence. Encourage your teens to make their accounts private.

Manage Comment

Unwanted conversations can lead to many hassles. We have seen many teens getting bullied on their posts. Some have even got body-shamed openly in comments. Instagram offers “Comment Controls” features using unwanted commenting that can be prevented. With this feature, your teen can control who should comment on their posts.

Not only this, comments can be filtered out. Instagram has built some powerful filters that will automatically remove offensive words and phrases. You or your teen can create a list of their own bad words or emojis. This way, many sorts of offensive content can be kept out of your kids’ reach.

Story Sharing To Close Friends

Not every Instagram follower is worthy enough to watch your teen’s stories. Encourage your teens to limit the stories access by creating a list of close friends and share the story with them. They can add or delete members in this list at any time.

Manage Control

Instagram lets end-users decide who can text them, add them into a different group, or add them into a chat list. With this kind of control, tons of cyberattacks and hassles can be prevented.

Two-way Authentication

Prevent unauthorized access to your teen’s account by using the two-way authentication facility.

This is an added security feature, powered by a secure code. Only the linked mobile phone will receive that code. So, any other won’t be able to access your teen’s Instagram account.

Also, make sure you use a strong password to make Instagram account more secure.

Ending Notes

Instagram is a wonderful place to be, provided all of its risks and dangers are far away. Teens can easily carry away from the glitz and gleam of Instagram and overlook the hidden dangers of Instagram. But, a parent can’t afford to do that.

If you’re also a parent wondering how to keep your teen kids safe on Instagram then talk to them about the safety concerns and encourage them to keep their account private and utterly secure. When used responsibly, Instagram is superb.

Important Safety Tips while Using Public WiFi

Safety Tips while using Public WiFi

You do not have very go far these days to access free public Wi-Fi. It is available in airports, libraries, cafes, hotels and government buildings. This is helpful but it is important for both adults and kids to make sure they do not trade safety and security for convenience. Just because the public building you are in is reputable, does not mean the Wi-Fi connection is secure.

When using your smart phone or computer in a public hotspot, you need to be careful to ensure the Wi-Fi network is encrypted. Otherwise, it opens you up to the risk of having your online accounts hacked. This could result in cyber thieves stealing your personal information.

Here are two basic safety tips to keep in mind to protect your information.  And then we will explore additional ways to stay safe while online in public.

1.  Check to see if the Public Wi-Fi Network is Secure.

As mentioned, we are not worried about the people who control the Wi-Fi network.  The risk is when others around us are in the business of hacking into the personal accounts using the network.  It could be the person sitting across from you in a coffee shop, or just outside on the street. 

If the public Wi-Fi network does not ask you to enter in a WPA or WPA2 password, the network is not secure. As you are probably thinking, this is most places.  The most common public Wi-Fi networks that require a password are internet providers with home you have an account.

2.  Make sure any website you are on has https at the beginning of URL.  

An example of this is https://youraccount.com or https://yourbank.com.  Secure websites will encrypt your information as you use the site.  Unsecured sites do not have the “s” in them, such as http:// (your information is not encrypted and kept safe if you don’t see the “s”)

Unsecured websites will also show a padlock that is unlocked.  Here is an example of what a secured website looks like.  Notice how with website URL with https also has a closed lock.

secure encrypted website

Clicking the lock will reveal more information about the secure site.  Now you can be sure you are on a secured website.

On a mobile website, it will look like this.

secure encrypted mobile website

If you are using a site that is not secure and locked, you open yourself up to hackers that can access your personal accounts and steal your data.  This could mean your name, address, phone number, address book and photos.

Hackers need see you on a public WiFi to be able to monitor our activity, so one sure fire way to to prevent this (regardless of being on an unsecured network) is to encrypt your data by using a trusted VPN. It can be turned on when you wish, such as when you are in public or traveling.

Here are ore ways to protect your personal information when using public Wi-Fi.

  • It is good idea to have different passwords for each of your online accounts. This way if a cyber thief gets a hold of your email and password on one of your accounts, they will be unable to log into other accounts using the same password.
  • Educate yourself on the various ways cyber attacks happen even when you are in the safety of your own home network, such as Phishing, Vishing and SMishing. Hacking through public WiFi is less common than these other methods used.
  • Do not email important information about yourself for any reason.  This includes credit card details, bank account information and your personal government ID number. You should never do this even if a network is secure, not even from home.
  • When accessing accounts in public, whether it is your own computer or a PC in a library, always log out when finished.
  • Take advantage of 2 step verification methods being offered within your personal accounts.  This will add further security because 2 step verification means you cannot log in until you enter a secret code that is sent to you by text or via the Google Authenticator App.

If you are in doubt about the security using any public Wi-Fi network or website, it is best to restrict your activity online to general use, such as searching Google while you are not logged into your Google account.

Do not log into any personal accounts and if you find it necessary to do so, disconnect from Wi-Fi and use your personal cell data.  Even then, it is always important to ensure the websites on your account pages start with https in the URL.  Most major accounts websites are secure, but if you do not see https something may be wrong.

If you are in doubt about the security using any public Wi-Fi network or website, it’s best to restrict your activity online to general use, such as searching Google while you are not logged into your Google account.

Don’t log into any other personal accounts and if you find it necessary to do so, disconnect from Wi-Fi and use your personal cell data.  Even then, it’s always important to ensure the websites on your account pages start with https in the url.  Most major accounts websites are secure, but if you don’t see https something may be wrong.