Oleh Diposting pada

When I was growing up, I never gave much thought to the communications between my parents and my teachers. Typically, there was a back-to-school night; if ever I did something wrong, the communication was made in a phone call from the teacher or principal; and there were letters/results that needed to be signed by my parents.

Now, if you were raised in the 80s/90s and are a little bit like me, there’s a chance that your parents didn’t always see these letters/results and the letters maybe had a forged signature or two. To be fair, karma caught up with me on a few occasions and my son wrote a note to his teacher once as well signing it with “Love, name redacted’s Mom”.

While my son’s note gave all involved a chuckle, in all seriousness, technology has now enabled communications between parents and teachers and also teachers and their students. Likewise, there are multiple ways for students to connect with other students. With all these tech-enabled communications for school, there are multiple “human element” fail points – so being a security company with a blog, we’d be remiss not to offer some tips to keep you and your kids safe and sound.

Parent to teacher

Who remembers the pandemic? You know, the one that introduced us to the lovely world of remote learning. At the time, it was nice to see how the educational system was flexible enough to embrace technology quickly and assure that the kiddos’ education could continue.

Fast-forward a few years to today and the technology still has a firm grip within the school systems. As a resident of the U.S., my children are now using Chromebooks vs textbooks and there are various apps that the teachers use to keep us up to date on progress. There are a number of these apps and they’ll vary from case to case, but ours are Remind and Google Classroom.

While these platforms are very integrated and easy, they still also tie into emails. So parents should be extra careful to make sure that the sender and the links within mails aren’t malicious.

Student to teacher

The above-listed apps are also used for students to communicate with teachers; however, they also have the added level of an internal email that could be used to communicate with the teachers directly. While email in Google’s ecosystem should be locked down and be more of an internal messenger, it’s good practice to let kids know they should be cautious of what they’re sending to teachers, as well as the links that teachers are sending along that direct them outside their school’s ecosystem.

Student to student

Perhaps the most tricky part of kids going to tech-enabled school is that we live in a tech-enabled society. This means that (almost) everyone has a smartphone or other connected device and the ills that come with them – including messaging apps, social networks, a camera and SMS.

Perhaps the biggest risk that we have when discussing schools and tech is the phones within the pockets of our little ones. There are simply too many avenues for sharing that our kids can take advantage of. As parents, we need to make sure that we have them set up with a device that’s secure. And before you say it, NO – the device is not secure out of the box, despite marketing messaging. You should make sure that you install a reliable security solution on any device your kids use to help add in a layer of extra protection. Here are some tips that can help further securing the phone.

Sharing is not always caring

This final tip is for both parents and kids. Repeat after me: Sharing is not always caring.

While many applications provide the ability to share what you’ve received via various channels, when it comes to schooling, this should be avoided. Also, as mentioned, our phones are the biggest risk to us.

We literally have at our fingertips the ability to broadcast our opinions, thoughts, pictures, videos…  even what we’re doing on the toilet in real time and to the whole world. Sure, this is empowering, but it is also something that could come back to hurt us.

This is a lesson we need to remember as parents and also to impart to our children. Being prudent is a huge part of life: not everything needs to be shared. We all need to take a minute to take a step back and think about what we’re doing before hitting send.

Now, before I preach to the choir, I’ll admit that I often post stupid things: you can see this on my X, for example; however, I still think before hitting send. As parents, we need to let our kids know that the stuff they post could not only get them in trouble (broadcasting fights, illegal activity, etc.), but also that there are things that could hurt them well down the line in the employment space. As they say… the internet never forgets!


#protect #childs #privacy #social #networks #IMs

Oleh Diposting pada

Previous posts in our back-to-school series have covered how to protect your child’s devices and explain the importance of cybersecurity in school. Today we talk about the core, and often unavoidable, apps used in modern education. This means electronic diaries and virtual classrooms, plus videoconferencing for distance learning. They are all insecure.

Electronic diaries

Electronic study-diaries and virtual classroom websites are used these days to help administer  the educational process. Educators use them to share lesson schedules, homework assignments, and announcements. And parents can see their kids’ grades, or even chat with their teachers.

The main problem with such web applications is the substandard protection of personal data that’s provided. In 2020, the attorney general of the U.S. state of New Mexico even filed a lawsuit against Google Classroom, citing the company’s alleged practice of collecting personal data from children and using it for commercial purposes. And in 2022, the Dutch Ministry of Education introduced a number of restrictions on the use of Google services in schools for the exact same reason.

Unfortunately, in most cases parents have no control over what services schools decide to use. The story of Google Classroom is by no means the worst. Issues with the service have been openly discussed for a long time, and Google has been forced to take note and beef up its protection. But, as a father of three, I’ve had the (mis)fortune of seeing other electronic diaries in action, where the situation with personal data storage and transfer is nothing if not murky.

What can parents do about this? Asking the school for all details about privacy and personal data usage in all services you need is a good start. And teach your kid how to leave as little personal data as possible on such sites.

Videoconferencing

The covid lockdown was a big eye-opener for many kids: turns out you don’t need to go to school! Lessons suddenly became more fun but for the wrong reasons: my daughter chats with her teacher in one window — and watches a movie or plays a game in another (or on a different device).

Such distance “learning” only adds to the worries of parents. Even before covid, we had to monitor what our kids were downloading, since banking Trojans, spyware and ransomware are forever sneaking in under the guise of legal apps — even in Google Play and other official stores. But at least in school they were less exposed to such threats, because internet usage was not generally a part of in-class learning.

With the distance-learning revolution, however, there are now even more apps on our kids’ tablets for us parents to fret about, as well as unlimited internet use for “study” purposes.

And although the lockdowns are long over, many schools continue to practice distance learning for some classes. Meanwhile, Zoom, Teams, and other videoconferencing platforms remain vulnerable to attacks. The most obvious consequence of such attacks, as before, is personal data leakage. But it can get worse: if a malicious third party were to gain access to a virtual classroom, they might show some decidedly “non-kid-suitable” videos.

And even if parents are versed in the safe hosting of video chats, they are unlikely to be able to influence the school’s choice of tools. Here, too, you should ask the school for an explanation as to why an insecure program was chosen.

In addition, you need to teach your kids the basic safety rules of using such apps. In particular, your child should learn to turn off both the microphone and camera when not required, as well as to blur the background and disable screen-sharing by default. And of course, your child should never accept video chat invitations from strangers — or communicate with any if they do show up uninvited to a video conference.

And it goes without saying that all devices your child uses should be protected with a reliable security solution — one that guards against viruses and personal data leaks on computers and mobile devices, and keeps your kid’s privacy intact. Remember that with your free annual subscription to Kaspersky Safe Kids as part of Kaspersky Premium, in addition to total protection for all devices, you get powerful parental controls over your child’s online activity and offline location.


#Backtoschool #threats #virtual #classrooms #videoconferencing

Oleh Diposting pada

The start of the new school year plunges many parents back into the traditional routine: packing the kids off to school in the morning, and helping with homework in the evening. However, this ordered life is being disrupted by new technologies, which are rewriting the rules of digital hygiene. As ever, the first who have to get to grips with them are the parents.

In this series of posts, we explain what cyberthreats should be front-of-mind for parents in the new school year. Let’s start with the fundamentals, with the hardware — that is, with securing the devices that today’s schoolchildren can’t (or can) live without.

Geolocation, or “where are my kids?”

When I was in school, the only way my folks could track my class-skipping was from the attendance register. Today, parents have it easy in one sense: they can keep a close eye on their kids using smart gadgets. The downside, of course, is that those parents are becoming obsessed with their little ones’ whereabouts and physical safety. Even tiny tots can be watched over by a baby monitor or even a doll. And to oversee school attendance, parents offer their offspring smartwatches and other wearable trackers.

There are security issues common to all these devices. First, in the rush to bring their products to market, developers often fail to test them for vulnerabilities. Second, many of these new devices have uncommon architectures. This can means that either there are no antiviruses for them, or there’s no available interface to put a security solution in place.

This plays rights into the hands of hackers, who can connect to a smartwatch and spy on the wearer, or download a Trojan onto it to steal valuable data.

In addition, a smartwatch or tracker is yet another device you need to buy, monitor its battery, wrestle with the settings… But wait! Your child probably has a smartphone already, right? (To keep it safe, check out our step-by-step guide on how to ensure its security.) So that means you can install the Kaspersky Safe Kids app (available for iOS and Android), which, among other things, lets you monitor your child’s movements in real time. The map simultaneously displays all of your children’s devices, together with the battery level of each, so you can see at a glance where all of them are and whether you need to call someone to get them to recharge their phone.

The Kaspersky Safe Kids home screen shows both where your kids are and how much charge is left on their phones

The Kaspersky Safe Kids home screen shows both where your kids are and how much charge is left on their phones.

By the way, you can now get Kaspersky Safe Kids free with a Kaspersky Premium subscription to protect all of your family members’ devices from just about any threat.

Gadgets for study? We wish…

With the transition to digital teaching aids, parents face the question of which device to get for their kids. A mobile phone won’t do: small screens hurt the eyes. And to write essays you need a normal keyboard.

A shiny new iPad or MacBook Air, then? If it’s a junior schoolchild we’re talking about, bursting with energy, I wouldn’t advise it. An expensive tablet or laptop is likely to get smashed, along with your nervous system. Don’t even ask how many broken screens I, a father of three, have had to replace already. These troubles end only (if you’re lucky) when your kids become teenagers, when they’re likely to start to take more care of their devices — probably due to FOMO, since at that age social life is everything, and for today’s youth a huge part of it takes place online.

Maybe give your kid a hand-me-down laptop or tablet? Your wallet would appreciate it, but it’s not a win-win. Your old devices need to be scrubbed clean (digitally at least) before they get anywhere near your kids. For tablets and mobile devices, a full reset of all settings and data is best; for laptops — reinstall the operating system. And clear all traces of your Apple or Google IDs if you don’t want to repeat my wife’s experience: she gave our daughter her old tablet, which was still logged into all her accounts… linked to her bank cards… So after just a few minutes of play, our daughter went on an online shopping spree!

Another option is “school” tablets and laptops, which are simpler and cheaper models. Some of them, like Chromebooks, are even positioned as more secure. That said, many threats — such as fake browser extensions, hidden cryptominers, phishing/malicious websites — affect Chromebooks, too.

Wi-Fi freeloading is dangerous

A lot of parent-child conflicts these days stem from kids spending too much time online or visiting inappropriate sites. The most common method of control is to limit both screen time and screen access with the help of a parental control app such as Kaspersky Safe Kids. But some parents think it’s enough to just impose general internet-wide restrictions: when the paid-for data allowance runs out — no more access.

But this simply encourages children to look for free access on the side. And they’re sure to find it! Either a friend will set up a Wi-Fi hotspot on their iPhone right there in class, or a nearby cafe will let anyone connect without a password. Needless to say, it’s easy to stumble across a fake access point and fall victim to scammers.

There are two ways to overcome this problem. The radical option is to ban connections to unknown Wi-Fi networks on your child’s smartphone and block access to settings by means of an additional security code (for Android smartphones when using Kaspersky Security & VPN) or Parental Control. This should work for younger schoolchildren.

With teens, bans are likely to fail. So you’ll have to adopt the more liberal option of teaching your child the rules of safe Wi-Fi use. In particular, they need to know that a VPN is not just for anonymous browsing of dubious sites, but for encrypting the connection even when using unsecured Wi-Fi.

Get maxed-out protection

But no matter how you explain the rules of cybersecurity to your kids, remember they’re a lot younger and naiver than you, and therefore more vulnerable to online scams. That’s why it’s imperative to install and configure a reliable security solution on every single device you give them — one that will protect your kids not only from viruses, but also from phishing, spam calls and data leaks, as well as mindfully guard their online privacy.


#safeguard #kids #gadgets #school #year

Oleh Diposting pada

Authored by: Lakshya Mathur and Yashvi Shah 

As the Back-to-School season approaches, scammers are taking advantage of the opportunity to deceive parents and students with various scams. With the increasing popularity of online shopping and digital technology, people are more inclined to make purchases online. Scammers have adapted to this trend and are now using social engineering tactics, such as offering high discounts, free school kits, online lectures, and scholarships, to entice unsuspecting individuals into falling for their schemes. 

McAfee Labs has found the following PDFs targeting back-to-school trends. This blog is a reminder for parents on what to educate their children on and how not to fall victim to such fraud.

Fake captcha PDFs campaign 

McAfee Labs encountered a PDF file campaign featuring a fake CAPTCHA on its first page, to verify human interaction. The second page contained substantial content on back-to-school advice for parents and students, giving the appearance of a legitimate document. These tactics were employed to make the PDF seem authentic, entice consumers to click on the fake CAPTCHA link, and evade detection. 

Figure 1Fake CAPTCHA and scammy link 

Figure 2 – PDF Second Page

 

Figure 3 – Zoomed in content from Figure 2

 

As shown in Figure 1, there is a fake captcha image that, when clicked, redirects to a URL displayed at the bottom left of the figure. This URL has a Russian domain and goes through multiple redirections before reaching its destination. The scam URL contains the text “all hallows prep school uniform,” and leads to a malicious site that sets cookies, monitors user behavior, and collects interactions, sending the data to servers owned by the domain’s operators. 

Figures 2 and 3 display the second page of the PDF, designed to appear legitimate to users and spam and security scanners. 

In this campaign, we identified a total of 13 domains, with 11 being of Russian origin and 2 from South Africa. You can find the complete list of these domains in the final IOC (Indicators of Compromise) section. 

All domains were created in 2020 and 2021 and use Cloudflare’s name servers. 

Geographical Distribution 

These domains were discovered operating worldwide, targeting consumers across various countries. The United States and India stood out as the top countries where users were most often targeted. 

Figure 4 – Geographical distribution of all the scam domains 

 

As the season begins, the scenario is only the beginning of back-to-school scam season. Parents and students should remain vigilant against fraud, such as: 

  • Shopping scams: During back-to-school season, scammers employ various tactics: setting up fake online stores offering discounted school supplies, uniforms, and gadgets, but delivering substandard or nonexistent products; spreading fraudulent social media ads with enticing deals that lead to fake websites collecting personal information and payment details; and sending fake package delivery emails, tricking recipients into clicking on malicious links to perform phishing and malware attacks.  
  • Tax/Loan free scams: Scammers target students and parents with student loan forgiveness scams, offering false debt reduction programs in exchange for upfront payments or personal information. They also entice victims with fake scholarships or grants, prompting fees or sensitive data, while no genuine assistance exists. Unsolicited calls from scammers posing as government agencies or loan providers add to the deception, using high-pressure tactics to extract personal information or immediate payments. 
  • Identity theft: Scammers employ various identity theft tactics to exploit students and parents: attempting unauthorized access to school databases for personal information, creating fake enrollment forms to collect sensitive data, and sending phishing emails posing as educational institutions or retailers to trick victims into sharing personal information or login credentials. 
  • Deepfake AI Voice scams: Scammers might use deepfake AI technology to create convincing voice recordings of school administrators, teachers, or students. They can pose as school officials to deceive parents into making urgent payments or sharing personal information. Additionally, scammers might mimic students’ or teachers’ voices to solicit fraudulent fundraisers for fake school programs or claim that students have won scholarships or prizes to trick them into paying fees or revealing sensitive information. These scams exploit the trust and urgency surrounding back-to-school activities. 

How to Stay Protected? 

  • Be skeptical, if something appears to be too good to be true, it probably is.  
  • Exercise caution when registering or sharing personal information on questionable sites. 
  • Stay informed about these scams to safeguard yourself 
  • Maintain a skeptical approach towards unsolicited calls and emails. 
  • Keep your anti-virus and web protection up to date and perform regular full scans on your devices. 

 

IOC (Indicator of Compromise) 

Filetype/URL  Value 
PDF  474987c34461cb4bd05b81d040cae468ca5b88e891da4d944191aa819a86ff21 
426ad19eb929d0214254340f3809648cfb0ee612c8374748687f5c119ab1a238 
5cb6ecc4af42075fa822d2888c82feb2053e67f77b3a6a9db6501e5003694aba 
Domain  traffine[.]ru 
leonvi[.]ru 
trafffi[.]ru 
norin[.]co[.]za 
gettraff[.]ru 
cctraff[.]ru 
luzas.yubit[.]co[.]za 
ketchas[.]ru 
maypoin[.]ru 
getpdf.pw 
traffset[.]ru 
jottigo[.]ru 
trafffe[.]ru 

Introducing McAfee+

Identity theft protection and privacy for your digital life


#Season #School #Scams