Uncategorized

Having a Field Day with Your Android Apps? So Do Cyber Criminals!

You love your Android phone and you love to go to the Play Store and download exciting new apps. You have also been through the Crazy Birds obsession and the Candi Crush mania. But do you know that your Android phone is not secured against the smartest of breaches: mobile app hackers. Before we go ahead and explain the intensity of this threat to mobile apps, especially Android apps, let’s have a look at the facts and figures, reported by Arxan, regarding mobile app hacks:

  • 97% of top 100 paid Android apps have been hacked.
  • 87% of top 100 paid iOS apps have been hacked.
  • 80% of popular free Android apps have been hacked.
  • 75% of the popular free iOS apps have been hacked.

and more 97% of top 100 paid Android apps have been hacked. 87% of top 100 paid iOS apps have been hacked. 80% of popular free Android apps have been hacked. 75% of the popular free iOS apps have been hacked.

These facts and figures are horrifying. What we once considered a safe way of computing, exchanging information and thoughts and communicating with others, has turned out to be totally vulnerable to security threats like mobile app breaches. Our intention is not to frighten you, but reality is harsh. The oh so glorious Google’s Android OS is not safe. What if we tell you that an app that you have on your Android phone, is likely to be a fake, produced by some smart cybercriminals? After Google decided to transform the Android Market into Google Play, such criminals have great fun producing fake apps. Even Google Play is compromised, what do you expect from Android apps on your phone?

What to do? One option might be to live in a layman’s Utopia and believe that malwares and hacking are only for computers, and that your smart phone is immune. Another option, and a smart one, is to consider a security plan against mobile app hacking. When we talk about the security of apps on your mobile phone, specifically for an Android phone, the security can be provided at three different levels. One layer of protection is on device level; it varies from device to device and approach focuses on the device and not the operating system, let alone the vulnerable apps. Another layer of security is on the operating system level. This may vary from iOS to Android, but again the vulnerability of apps is not fully addressed in this type of security doctrine. A whole new level of security is at the application level. There are different types of apps in a mobile phone. We are not discussing the difference due to their functions e.g. fun, games, entertainment or communication but by the difference design of the apps. The more important apps are the custom apps presented in every Android phone. Just imagine if someone successfully infiltrates into your Gmail app? Your personal correspondence and financial communication would be at the mercy of a vicious stranger.

You need maximum security, and that can only be ensured with the help of a reliable tool to provide security on the application level. This type of security ensures that you get strong protection against app hacking attempts and keep your financial and personal details safe.

Enjoy using certain custom and downloaded apps on your Android phone all you want, but bear in mind the importance of maximum app security.

Uncategorized

Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You.

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.

Watch out for SMSishing Hooks

If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.

While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:

  1. Always double-check the message’s source. If you receive a text from your bank or credit card company, call the organization directly to ensure the message is legit.
  2. Delete potential SMSishing Do not reply to or click on any links within a suspected malicious text, as that could lead to more SMSishing attempts bombarding your phone.
  3. Invest in comprehensive mobile security. Adding an extra level of security can not only help protect your device but can also notify you when a threat arises.

Public Wi-Fi Woes  

Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:

  1. Look for password-protected networks. As strange as it sounds, if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.
  2. Pay attention to page load times. If the network you are using is very slow, it is more likely a cybercriminal is using an unreliable mobile hotspot to connect your mobile device to the web.
  3. Use a virtual private network or VPN. While you’re on-the-go and using public Wi-Fi, add an extra layer of security in the event you accidentally connect to a malicious network. VPNs can encrypt your online activity and keep it away from prying eyes. 

Malicious Apps: Fake It till They Make It

Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.

In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:

  1. Check for typos and poor grammar. Always check the app developer name, product title, and description for typos and grammatical errors. Often, malicious developers will spoof real developer IDs, even just by a single letter or number, to seem legitimate.
  2. Examine the download statistics. If you’re attempting to download a popular app, but it has a surprisingly low number of downloads, that is a good indicator that an app is most likely fake.
  3. Read the reviews. With malicious apps, user reviews are your friend. By reading a few, you can receive vital information that can help you determine whether the app is fake or not.

The Sly Operation of Grayware

With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:

  1. Be sure to update your device. Grayware looks for vulnerabilities that can be exploited, so be sure to always keep your device’s software up-to-date.
  2. Beware of rogue apps. As mentioned in the previous section, fake apps are now a part of owning a smartphone. Use the tips in the above section to ensure you keep malicious apps off of your device that may contain grayware.
  3. Consider a comprehensive mobile security system. By adding an extra level of security, you can help protect your devices from threats, both old and new.
Uncategorized

DIFFERENT WAYS THAT YOUR EMAIL ADDRESS CAN BE EXPLOITED BY HACKERS.

At the very least, you need to understand the damage done when a hacker gains access to your email. Here are just a few ways in which cyber-criminals can exploit your email address.

Scamming Your Contact List

This is where most hackers begin. When they gain entry to your email account, they also gain access to your digital contact list. If you have ever received a strange email from a friend asking you to click a link or send money, chances is hacking of the account. The link’s intention is to infect your computer or the money is going to the hacker.

Mass Email Scams

Once hackers have finished targeting your contacts, they will likely move on to larger email scams. They do this by using your email address to send out massive mailings to lists of unknown recipients. Phishing scams try to get recipients to click a spam link, download a malicious file, or send information or money is commonplace. Hackers rarely use email addresses traced back to them. Why should they when they can use an address that leads to you?

Infiltrating Devices and Programs

With strong password protection, a secure email service, and some common sense, such as not to click spam links or download dangerous files. This gives the opportunity to avoid having your email hacked. If hacked, however, chances are even HIPAA encryption levels cannot stop hackers from infiltrating your computer, programs, attached mobile devices, your cloud, and even online shopping accounts.

Most people put all their eggs in one basket. If hackers gain access to your email, they could have an open doorway to any number of other devices and accounts. They can use your email to reset other account passwords, gain access to credit information, or even delete accounts, such as social media profiles.

Ruining Your Online Reputation

With strong password protection, a secure email service, and some common sense, such as not to click spam links or download dangerous files. This gives the opportunity to avoid having your email hacked. If hacked, however, chances are even HIPAA encryption levels cannot stop hackers from infiltrating your computer, programs, attached mobile devices, your cloud, and even online shopping accounts.

Most people put all their eggs in one basket. If hackers gain access to your email, they could have an open doorway to any number of other devices and accounts. They can use your email to reset other account passwords, gain access to credit information, or even delete accounts, such as social media profiles.

Uncategorized

10 Cyber security Tips for Online Shopping.

  1. Skip the debit card
    When shopping online it’s best to stick to credit cards or payment services like Paypal. Because debit cards are linked to your bank account, you’re at much higher risk if someone is able to hack your information. Credit cards offer more protection and less liability if a card number gets stolen. This is one time when it pays to put it on plastic.

“When a fraudulent site or transaction is found, credit card companies will typically immediately reverse the charge and conduct an investigation. “If you use your debit card and there is a problem, your bank may not give you the money back until after an investigation is conducted, which could take weeks or months.”

  1. Shop secure sites only
    Before entering any personal or financial information, make sure you verify that the site you are on is legitimate and secure. The easiest way to tell is to look for “https” at the beginning of a site’s address. If you don’t see the “s” at the end of “http,” then the site is not encrypted and your data will not be secure. All legitimate shopping sites will have the “s” for your protection.
  2. Update your software

    Updating your software is one of the easiest things you can do to protect your information, but many people put it off. Software updates are often released to help improve security and fight new attacks that are being developed constantly. It may seem inconvenient to have to wait for your computer (or your smartphone) to go through updates and restart, but the protective benefits are well worth it. Next time you see an alert to update your software, do it.

Outsmart email scams
The holidays are a great time for email scammers to send out viruses and malware in the guise of a gift or special offer. Don’t open emails from someone you don’t know or a site you haven’t visited. Another way the bad guys try to get you is with phony messages from your bank or other financial institution saying there is an alert or problem with your account. Always call the bank directly to verify any potential problems and never enter your account information in response to an email like this.

Don’t click on links
In addition to sneaky attacks in emails, beware of links to deals that are too good to be true on social networking sites. Look out for unbelievable offers and holiday gifts and bonuses. If you’re really tempted by an offer, do some research or find out if anyone else has tried to take advantage of the deal before clicking.

Beef up your passwords
Best Password Managers Buyers Guide
Dashlane Password Manager Logo
SEE TOP PICKS
There’s a reason this piece of advice may sound like a broken record — it’s really important. Secure, unique passwords are your best gatekeepers when it comes to keeping your private information private. If you use the same password for multiple sites, take the time to change them up. If you want to be virtually hack-proof, use a password generator and manager to help you devise and keep track of the types of long, complicated passwords that are not worth a hacker’s time to crack.

Never give more info than needed
Most websites you visit or shop on will ask you for information to complete your purchase or start a wish list. Give them only the information they require you to provide. If a complete address or phone number is optional, then skip those fields. The more info you put out there, the more accessible you are to a bad guy. And before committing your information to a site, take the time to read their privacy policy and find out exactly where and how your information will be shared.

Don’t go public
Free hotspots are like manna from heaven when you’re out and about, but hackers like them even more than you do. Because public networks aren’t secured, any information you enter on a public network is ripe for the picking. Don’t log in to banking sites or payment sites like Paypal on a public network — and make sure that you are logged out of such sites on mobile devices before connecting to a public network.

Be smart about shopping apps
Apps make everything more convenient, including stealing your private information. Only download shopping apps from a reliable source like the Apple App Store or Android Market. Pay attention to the permissions that the app asks for. If you see something that doesn’t make sense, like access to your contacts, make sure you don’t allow the app access to it. Checking out the comments and reviews of an app before downloading is another way to identify suspicious activity.

Put devices on lockdown
One of the perks of online shopping is that you can do it from anywhere and use any device. Make sure every device that you shop from has security software in place. Always use a passcode to access your tablet or smartphone, and log off your computer or lock the screen when you walk away from it. After accessing a shopping or banking site, be sure to completely log out of the site before exiting, and don’t let your computer or device remember your usernames, passwords, or credit card information.

A stolen identity is even worse than a lump of coal in your stocking. Make sure you have only nice surprises this holiday season by sticking to these smart online shopping tips to keep you and your information protected.

Uncategorized

5 mobile security threats you can protect yourself from.

Once your phone is hacked, your other devices may be next if they are connected. That’s because your overall online security is only as strong as the weakest link in your chain of connected devices. Malware can spread from your hacked phone to your tablet or another mobile device through the network.

This article identifies five mobile security threats and how you can help protect yourself from them.

1. Madware and spyware

Madware is short for mobile adware. It’s a script or program installed on your phone, often without your consent. Its job? To collect your data for the purpose of better targeting you with ads. On top of that, madware often comes attached at the hip with spyware. Spyware collects data about you based on your internet usage and transmits it to a third party. That data is then bought and used by companies to send you advertisements. However, seeing more ads is the least of your worries when it comes to spyware. It also collects information about your location, internet usage, and even your contacts. This makes it a problem not just for you, but perhaps also for everyone you know.

2. Viruses and Trojans 

Viruses and Trojans can also attack your mobile devices. They typically come attached to what appear to be legitimate programs. They can then hijack your mobile device and mine the information it holds or has access to, such as your banking information. Viruses and Trojans have also been known to send premium text messages that can be costly

3. Drive-by downloads

Drive-by downloads refer to any malware installed on your device without consent. If you visit the wrong website or open the wrong email, you might be exposed to a drive-by download that automatically installs a malicious file on your mobile device. The file could be anything from adwaremalware or spyware to something far more nefarious, like a bot, which can use your phone to perform malicious tasks.

4. Browser exploits

Browser exploits take advantage of known security flaws in your mobile browser. Browser exploits also work against other applications that function with your browser, such as PDF readers. If you see that your mobile browser’s homepage or search page has unexpectedly changed, it could be a sign that you’re a victim of a browser exploit.

5. Phishing and grayware apps

Phishing apps are a new take on an old theme. In the past, criminals would send emails that appeared to come from a trusted source. They’d ask for personal information, such as your password, hoping you’d be trusting enough to respond. Phishing apps are designed to look like real apps, and a mobile device’s smaller screen can make it even more difficult to tell the difference. These fake apps secretly collect the information you input — passwords, account numbers, and more.

Grayware apps aren’t completely malicious, but they can be troublesome because they often expose users to privacy risks.

How to protect yourself from mobile security threats

Mobile security threats may sound scary, but here are six steps you can take to help protect yourself from them.

  1. Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release.1 Everything from your operating system to your social network apps are potential gateways for hackers to compromise your mobile device. Keeping software up to date ensures the best protection against most mobile security threats.
  2. Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.
  3. Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.
  4. Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information.
  5. Download apps from official app stores. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don’t always. Buying from well-known app stores may not ensure you never get a bad app, but it can help reduce your risk.
  6. Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.

Uncategorized

Social media safety tips for children.

In our modern society, social media is one of the most common ways we communicate with one another. This is true for adults and children.

many children will find even more time than usual to spend on their phones, tablets, or computers. Often times they are communicating through social media apps. Do we know who they are talking to? Do they really know?

As parents, our main goal is to keep our children safe and healthy. This applies to both physical and emotional health.

One important way to help them stay safe while using social media is to monitor their usage. Just like when our children spend time with their friends in real life, we need to know what they are doing and who they are talking to through social media platforms.  

While it is important to give our children some freedom, we still need to know that they are being safe and following the social media rules we set for them. Giving them clear rules and consequences for their misuse will help them continue to use social media in a positive manner.

Teach them social media safety habits. While it is ideal to share this information with them before they get on social media for the first time, that might be difficult. These rules and safety measures will be valuable at any time.

According to http://www.connectsafely.org/social-web-tips-for-teens/, some of the things children (of any age) can do to stay safe online are as follows:

1. Be your own person. Never pretend to be someone that you are not. Be who you really are and you will attract the people who will become your real friends.

2. Be nice. Don’t say mean things just because you can hide behind a screen. Your words hurt the same as if you would say them to the person’s face.

3. Think about what you post. Remember that once it is out there it is out there for everyone!

4. Do not add people you don’t know on social media accounts. Having friends and followers is fun but can be dangerous when they are strangers.

5. Never send inappropriate pictures or engage in sexual conversations with peers or strangers. Never. Never. Never.

ALSO – NEVER GIVE OUT YOUR ADDRESS ON SOCIAL MEDIA! Don’t even tell anyone you don’t know what city you live in or what school you go to. Don’t post photos that show your school or give any information about where you live. Try to be as vague as possible about where you live.

If we stress the importance of these rules and safety habits and reinforce them with a consistent reward/consequence system, we can help our children stay safe online. This also will give us some peace of mind when trusting our kids with the responsibility and privilege of using social media.

technology

Cybercrime Attack Types.

Cybercrime can attack in various ways. Here, is some most common cybercrime attack mode:

Hacking:

It is an act of gaining unauthorized access to a computer system or network.

Denial Of Service Attack:

In this cyberattack, the cyber-criminal uses the bandwidth of the victim’s network or fills their e-mail box with spammy mail. Here, the intention is to disrupt their regular services.

Software Piracy:

Theft of software by illegally copying genuine programs or counterfeiting. It also includes the distribution of products intended to pass for the original.

Phishing:

Pishing is a technique of extracting confidential information from the bank/financial institutional account holders by illegal ways.

Spoofing:

It is an act of getting one computer system or a network to pretend to have the identity of another computer. It is mostly used to get access to exclusive privileges enjoyed by that network or computer.

technology

Cyber security for phone.

Mobile phones contain a great deal of personal information about you. Many apps on your phone provide access to your bank accounts or other accounts that contain sensitive information. These apps may also store credit card information that can allow criminals to buy whatever they want and ship it wherever they want. What’s more, your phone probably contains direct access to your e-mail, text messages and social media accounts that can be used to steal your identity and to trick your friends into providing their sensitive information as well.

Things like this can happen when an attacker physically gets ahold of your mobile device, sure. But did you know that there are a growing number of exploits that take advantage of your phone’s Bluetooth, Wi-Fi and cellular connections to gain virtual access to your phone? It’s true! Phones can be infected with malware just like a computer can!

So what should you do to make sure your mobile phone is secure? The following is a list of tips we recommend.

Use a strong pin or password on your phone

Consider enabling fingerprint logins to your device

Disable Wi-Fi and/or Bluetooth when you don’t need them

Be careful what apps you download and what services you allow them to access

Disable location services when you don’t need them

Be careful about where you plug in your phone

Employ remote wiping software

Backup your phone often.

technology

How secure are mobile banking apps?

Mobile security comprises several challenges of web security such as rapid development and continuous network connectivity, coupled with the threats common to more traditional applications like local encryption and malware. Mobile banking apps can be targeted from different surfaces, which we cover below.

Browser-based attacks
As a matter of fact, browsers are integral to an efficient working environment but they also serve as the ideal cyber attack vector. Web-based threats exploit browsers as well as their extensions, browser third-party plug-ins (e.g. JavaScript) and content management systems (CMS) to harvest credentials and infect systems with malware.

Man-in-the-Mobile (also known as MitMo attacks). This attack enables malevolent users to leverage malware placed on mobile devices to bypass password verification systems that send codes via SMS text messages to users’ mobile devices for identity verification. In that way, intruders can access or manipulate mobile functionality including getting access to victim’s bank account. Because one-time passwords are easily defeated by this attack, the effective solution is known to be the offline and time-generated passwords.

Clickjacking. Clickjacking is a malicious attack where the attacker hijacks a UI component on a website. Technically, an invisible iframe (a frame within a frame) is placed above a clickable element on the page and instead of doing the action that was planned, the attacker’s iframe is in function instead. There are different variations of the clickjacking attack, three of which are likejacking, cropping and cursorjacking. Apart from stealing bank account information and social security numbers, clickjacking can also install different apps on a device without the user’s knowledge.

Phishing. Phishing is a type of social engineering attack often utilised via emails to steal login credentials and financial information. Banking institutions have email filtering in place, and these products do a decent job of keeping phishing and malicious emails away from users. However they are far from perfect, simply because the phishing landscape is evolving tremendously. Yet, be informed that bank websites always make use of “https” on their websites and if you do not see the “https” prefix before the site’s URL, it means that the site is not actually secure.

Phone/SMS-based attacks
The growing pool of mobile devices has become an attractive target for cyber criminals. Your mobile phone can be attacked and infected with worms or other viruses, which can compromise your security and privacy. Phone or SMs-based attacks can result in theft of sensitive information, so remain informed.

SMishing. SMishing (also known as SMS phishing) sends a text message to a user’s phone in an attempt to get them to reveal personal information. This attack is a growing and serious concern for all banking unions. The most common type of smishing attack is that a person gets a text message that directs them to call a number to confirm account information. In smishing attacks, success rates are higher compared to a traditional phishing attack because a user considers that the communication is legit.

NFC attacks. NFC that stands for Near Field Communication is a short-range contactless communication standard. Today, NFC technology is widely used in a number of applications including physical access control and cashless payment. But, how secure NFC is? There are several potential threats to NFC which you should be aware of. The first threat is eavesdropping which happens when an intruder deletes or modifies data that is exchanged between 2 devices. Another threat is a relay attack which refers to the extraction of data, utilising a bridge between a NFC or mobile payment system and the PoS or terminal in real time.

Application-based attacks
The influx of new financial applications released every year has increased the volume of cyber security threats against mobile banking apps. Given that, incorporating mobile app security into overall security strategy must be of topmost importance for financial institutions.

Insecure data storage. According to a report published by Digital.ai titled “In plain sight: The vulnerability epidemic in financial mobile apps“, 83% of financial institutions apps stored data insecurely. Some examples of the errors that are usually made while securing data storage include improperly storing certificates and passwords, weak algorithm choices, not including the necessary maintenance precautions, and many more.

Weak encryption. One of the most crucial components for banking apps is encryption. When an app has weak encryption, it may lead to sensitive data exposure, broken authentication and spoofing attacks. Once data is encrypted, only authorised parties who have a ‘key’ can read it. Banks should use advanced encryption standards to keep customers’ data out of the hands of unauthorised users.

Improper SSL validation. SSL is a digital certificate that use encryption security for the protection of data. Their existence offers authentication to the sites, confidentiality of transactions, as well as integrity of information. Bugs in a mobile banking app’s secure socket layer (SSL) validation process may result in data security breaches.

technology

Internet safety risks for school-age children.

There are four main kinds of internet risks for children.

Content risks
For school-age children these risks include things that they might find upsetting, disgusting or otherwise uncomfortable, if they come across them accidentally. This might include sexual content in games, pornography, images of cruelty to animals, and real or simulated violence.

Contact risks
These risks include children coming into contact with people they don’t know or with adults posing as children online. For example, a child might be persuaded to share personal information with strangers, provide contact details after clicking on pop-up messages, or meet in person with someone they’ve met online.

Conduct risks
These risks include children acting in ways that might hurt others, or being the victim of this kind of behaviour. For example, a child might destroy a game that a friend or sibling has created. Another conduct risk is accidentally making in-app purchases.

Contract risks
These risks include children signing up to unfair contracts, terms or conditions that they aren’t aware of or don’t understand. For example, children might click a button that allows a business to send them inappropriate marketing messages or collect their personal or family data. Or children might use a toy, app or device with weak internet security, which leaves them open to identity theft or fraud.

Protecting children from internet safety risks: tips
You can use a range of different strategies to help your school-age child stay safe online.

Here are some ideas:

Create a family media plan. It’s best to create your plan with your child and ask them for suggestions. Your plan could cover things like screen-free areas in your house, internet safety rules like not giving out personal information, and programs and apps that are OK for your child to use.
Use child-friendly search engines like Kiddle or Kidtopia, or content providers like ABC Kids, CBeebies, YouTube Kids and KIDOZ, or messaging apps like Messenger Kids.
Check that games, websites and TV programs are appropriate for your child. You can do this by looking at reviews on Common Sense Media.
Use the internet with your child or make sure you’re close by and aware of what your child is doing online. This way you can act quickly and reassure your child if they’re concerned or upset by something they’ve seen online.
Check privacy settings and location services, use parental controls, and use safe search settings on browsers, apps, search engines and YouTube. Limit camera and video functions so your child doesn’t accidentally take photos of themselves or others.
If you use TV streaming services, set up profiles for different household members so your child is less likely to come across inappropriate programs.
Find out how to make complaints about offensive online content.
Block in-app purchases and disable one-click payment options on your devices.
Encourage all your children, including older siblings, to help each other use the internet safely and responsibly – for example, by watching only age-appropriate programs.
Trust between you and your child helps keep your child safe online. Calm, open conversations about internet use can help your child feel that you trust them to be responsible online. And if your child feels trusted, they’re more likely to talk with you about what they do online and tell you about online content and contacts that worry them.

It’s best to avoid using surveillance apps that let you secretly monitor your child’s online activity. Using these apps sends the message that you don’t trust your child. It’s better to talk openly about your own internet use and encourage your child to do the same.

If you do choose to monitor your child’s internet use while they’re online or by reviewing their browser history, it’s good to talk about this with your child.

As your child gets older and more confident and starts using the internet independently, you’ll need to review your strategies. Our article on internet safety for children aged 9-11 years has ideas.

Teaching safe and responsible online behaviour
You can help your child learn how to use the internet safely, responsibly and enjoyably. If you teach your child how to manage internet safety risks and worrying experiences, your child will build digital resilience. This is the ability to deal with and respond positively to any risks they encounter online.

You can do this by:

going online with your child
talking with your child about online content and listening to their views
being a good role model
teaching your child to be careful with personal information
teaching your child to avoid online purchases
talking about appropriate online behaviour.
Going online with children
Going online with your child gives you the opportunity to see the apps or games your child plays, or the videos they watch.

You can share your child’s experience while also checking that the content is appropriate. One way to do this is by asking questions that show interest in what your child is doing – for example, ‘That looks like an interesting game. Can you teach me to play too?’

You can also show your child sites that are fun, interesting or educational and show your child how to bookmark them for later. You could help your child find information they need for homework by using the right kind of search words. For example, for information on a school project about how people lived in the past, your child might use a phrase like ‘life in Australia in the 1900s’, rather than ‘past life’.

If you come across pop-up advertisements while you’re online together, it’s a good opportunity to talk with your child about not clicking them. You can explain that pop-up ads can lead to sites with unpleasant pictures or sites that want your personal or financial information.

Talking about online content
It’s a good idea to explain to your child that the internet has all sorts of content and that some of it isn’t for children.

You could explain that there are parental controls, safe browsing settings and internet filters set up on most devices to protect children from inappropriate content. But these are not a guarantee and your child could still come across inappropriate content.

So it’s also a good idea to encourage your child to talk to you or another trusted adult if they see something that worries them. For example, you might say, ‘Sometimes people put horrible things on the internet. Some of it’s made up and some of it’s real. If you see anything that upsets you or makes you feel uncomfortable, let me know’.

If you name things to look out for, it can help your child identify unsuitable material. For example, ‘If you see a site with upsetting, scary or rude pictures, swearing or angry words, let me know. It’s not a good site for you to look at’.

You could also explain that not all information on the internet is true or helpful – for example, some news is made up. Encouraging your child to question things they find on the internet helps your child develop the ability to tell whether a website has good-quality information. This is an important part of digital and media literacy.

Being a good role model
Your child learns from you. This means you can model safe and healthy internet use by using digital media in the way you want your child to use it now and in the future. For example, you might keep internet-connected devices out of bedrooms, and use technology for positive purposes like sending supportive messages to friends.

Taking care with privacy and personal information
It’s a good idea to make sure your child knows not to communicate online with people they don’t know in person. This is particularly important if your child is using in-game social networks. For example, gaming sites like Roblox and Minecraft are targeted at children but have messaging features that might allow strangers to communicate with your child.

Encourage your child to:

tell you if someone they don’t know contacts them online
not give out personal information. You could say, ‘Some people online are fakers. Never tell anyone online your name, address, phone number or birthday. Never send or post images of yourself’
check with you before filling out membership forms on gaming sites, online competition entry forms and so on
ask you before they use a new app, so you can show them how to check the privacy settings to keep their personal information safe.
Avoiding online purchases
You can help stop any accidental in-app purchases by switching off in-app purchases and one-click payments on your devices.

It’s also a good idea for you and your child to agree on clear rules about not accepting in-app purchases. You might say, ‘It’s important that we don’t waste our money on things we don’t need. If you want to buy a new game or something in a game, please ask me’.

Talking about appropriate online behaviour
Talking with your child about appropriate and inappropriate online behaviour will help your child learn how to stay safe. For example, you could:

tell your child not to do or say anything online that they wouldn’t do or say face to face with someone
encourage your child to think before posting photos or comments
help your child to walk away from online arguments. You could say, ‘Friends can say things they don’t mean. It’s good to let people get over their moods and not talk to them online for a little while.