Throughout the year, cybercriminal activity has its highs and lows. Cybercriminals often benefit from events that enable them to reach more potential victims and turn their malicious intentions into profit. The start of a new school year is one such occasion. What types of cyber threats can you expect to encounter as your child returns to school? And how do you respond to them?
The beginning of a school year is a busy period: children and parents need to adjust to the new routine, deal with additional responsibilities – and, unfortunately, respond to more cyber threats. Any occasion occupying many people’s minds makes it easier for criminals to take advantage: Christmas, work holidays – or going back to school. How can cybercriminals benefit from your children returning to school? At the beginning of a school year, parents often receive numerous e-mails from the school and from retailers who offer school-related goods. “For attackers, the opportunity lies in the fact that parents naturally expect to receive such communications and may be prone to letting their guard down,” writes InfoSecurity magazine.
Urgency - cybercriminals’ friend
When trying to lure you into their traps, cybercriminals use their hacking abilities and psychological manipulation, which is why any festive or dynamic season plays into their hands. At the beginning of the school year, parents expect schools to contact them, and as a result, e-mails generated by cybercriminals can be easily perceived as legitimate official messages. Moreover, attackers can abuse your desire to provide for your child and use your selfless care against you. Social engineering, socially manipulative methods used by criminals, also includes inducing a sense of urgency and provoking their targets’ impulsivity. Attackers are likely to push you into a quick reaction, preventing you from thinking through your decisions or verifying any information they try to propound.
To abuse these “weaknesses”, cybercriminals are likely to use phishing – impersonating trusted institutions or individuals and sending you emails or messages with malicious links under their name. “For example, they may home in on a school, spoof the institution’s email address to appear as an official body and proceed to send phishing emails to anyone within a five-mile radius of the school after sourcing regional email addresses using geolocation tools,” InfoSecurity describes. Consequently, you may receive a message asking you to send tuition fees to the impersonated institution or a request to check your child’s credentials by clicking an attached link – and a demand that you do it immediately unless you want your child to lose their spot in the class. Cybercriminal activity linked to the back-to-school period may also benefit from the parents’ natural urge to buy new equipment for their children, such as student books, workbooks, writing utensils etc. if you receive an e-mail claiming that you can buy extremely low-price yet high-quality goods for your child’s classes just by “clicking the link below straightaway”, proceed cautiously. Don’t let cybercriminals rush you into abrupt decisions – that is precisely what they want.
Think before you click
The motivation behind these malicious attempts may vary. By making you believe you are paying tuition fees or purchasing school equipment, cybercriminals may try to obtain a large sum of money from you. Some phishing messages can be used to deliver malware or ransomware. At the same time, others may allow the attackers to access your data or that of your children and steal or illegally abuse it. By clicking the malicious links sent by the attackers, you may enable them to use your credentials to access your digital information or even get to your work accounts and the data of your employees – in this case, the attack may affect not only you but also your company and colleagues.
What can you do to protect yourself from these threats?
Being aware of the risk is a great place to start. Try to follow these principles to stay one step ahead of seasonal cyber threats.
1) Stay educated on cybersecurity and learn how to recognise social engineering tactics. What to look out for? Suppose you receive a message in the middle of the night with a generic salutation (“Dear parent,” “Dear customer”) from a suspicious sender address that contains unknown links and a call to quick action (“This offer only lasts today,” “Respond swiftly or we may remove your child from our program”). In that case, it is likely an example of phishing.
2) Always think twice. The back-to-school period can be rather stressful for many parents. You may feel the need to get everything ready for the upcoming school year in time, leaving you prone to deal with everything as swiftly as can be – and cyber-attackers may use this to their advantage. Don’t let yourself be pressured into ill-considered and abrupt reactions.
3) Follow the general principles of cyber-safety, such as using strong passwords or passphrases, employing a password manager and an MFA (multi-factor authentication), and regularly backup your data.
4) Finally, protect all your devices with trustworthy security software. The beginning of a school year can be a great time – kids reunite with their friends, and you can spend more time focusing on activities other than finding appropriate entertainment for your children. Don’t let cybercriminals turn this season into an unpleasant experience.
To better educate yourself and your children, visit Digital Matters - a free online learning platform developed with insights from teachers and parents to transform online safety education.