| Grooming

Back to school for kids, back to work for cybercriminals

| 23 Jun 2023

Throughout the year, cybercriminal activity has its highs and lows. Cybercriminals often benefit from events that enable them to reach more potential victims, and turn their malicious intentions into profit. The start of a new schoolyear is one such occasion. What types of cyberthreats can you expect to encounter as your child returns to school? And how do you respond to them?

The beginning of a schoolyear is a dynamic period: children as well as parents need to adjust to the new routine, deal with additional responsibilities – and, unfortunately, respond to more cyber threats. Any occasion that occupies the minds of a large number of people makes it easier for criminals to take advantage: be it Christmas, work holidays – or back-to-school. How can cybercriminals benefit from your children returning to school? At the beginning of a school year, parents often receive numerous e-mails from the school, as well as from retailers who offer school-related goods. “For attackers, the opportunity lies in the fact that parents naturally expect to receive such communications and may be prone to letting their guard down,” writes InfoSecurity magazine

Urgency is the cybercriminals’ friend

When trying to lure you into their traps, cybercriminals use not only their hacking abilities but also psychological manipulation, which is why any festive or dynamic season plays into their hands. At the beginning of the schoolyear, parents expect schools to contact them and, as a result, e-mails generated by cybercriminals can be easily perceived as legitimate official messages. Moreover, attackers can abuse your desire to provide for your child, and use your selfless care against you. Social engineering, socially manipulative methods used by criminals, also includes inducing a sense of urgency and provoking their targets’ impulsivity. Attackers are likely to push you into a quick reaction, and prevent you from thinking through your decisions or verifying any information that they try to propound. 

In order to abuse these “weaknesses”, cybercriminals are likely to use a method called phishing – impersonating trusted institutions or individuals and sending you emails or messages with malicious links under their name. “For example, they may home in on a school, spoof the institution’s email address to appear as an official body and proceed to send phishing emails to anyone within a five-mile radius of the school after sourcing regional email addresses using geolocation tools,” InfoSecurity describes. Consequently, you may receive a message asking you to send tuition fees to the impersonated institution, or a request to check your child’s credentials by clicking an attached link – and a demand that you do it immediately unless you want your child to lose their spot in the class. Cybercriminal activity linked to the back-to-school period may also benefit from the parents’ natural urge to buy new equipment for their children, such as student books, workbooks, writing utensils etc. If you receive e-mail claiming that you can buy extremely low-price yet high-quality goods for your child’s classes just by “clicking the link below straightaway”, proceed cautiously. Don’t let cybercriminals rush you into abrupt decisions – that is exactly what they want. 

Think before you click

The motivation behind these malicious attempts may vary. By making you believe you are paying tuition fees or purchasing school equipment, cybercriminals may try to obtain a large sum of money from you. Some phishing messages can be used to deliver malware or ransomware, while other may allow the attackers to access your personal data or that of your children, and steal or illegally abuse it. By clicking the malicious links sent by the attackers, you may enable them to use your credentials to access your digital information, or even get to your work accounts and to the data of your employees – in this case, the attack may affect not only you, but also your company and colleagues. 

What can you do to protect yourself from these threats? 

Being aware of the risk is a great place to start. Try to follow these principles to stay one step ahead of seasonal cyberthreats.

  1. Stay educated on cybersecurity and learn how to recognize social engineering tactics. What to look out for? If you receive a message in the middle of the night with a generic salutation (“Dear parent,” “Dear customer”) from a suspicious sender address that contains unknown links and a call to quick action (“This offer only lasts today,” “Respond swiftly or we may remove your child from our program”), it is likely an example of phishing. 
  2. Always think twice. The back-to-school period can be rather stressful for many parents. You may feel the need to get everything ready for the upcoming schoolyear in time, leaving you prone to deal with everything as swiftly as can be – and cyber-attackers may use this to their advantage. Don’t let yourself be pressured into ill-considered and abrupt reactions. 
  3. Follow the general principles of cyber-safety, such as using strong passwords or passphrases, employing a password manager and an MFA (multi-factor authentication), and also regularly backup your data. 
  4. Finally, protect all your devices with trustworthy security software

The beginning of a schoolyear can be a great time – kids reunite with their friends, and you can spend more time focusing on activities other than finding appropriate entertainment for your children. Don’t let cybercriminals turn this season into an unpleasant experience. 

ESET Parental Control for Android ESET Parental Control for Android

Make the internet safer for your children

With ESET Parental Control for Android


Monthly newsletter