Social Engineering: Digital Decoys Enticing Kids to Click

Toronto, ON (Feb. 19, 2024) – You may have heard warnings about “social engineering.” While the term is simply a fancy way of describing fooling people into giving away their personal info online, the repercussions are quite serious.

Examples of social engineering include phishing, which occurs when a scammer sends people fake emails, or smishing, when the same tricks are deployed via text messaging. Anyone – old, young or somewhere in between – can fall for identity-based scams.

In 2021, the Canadian Anti-Fraud Centre received more than 9,000 reports of phishing-type attacks. While the centre did not break down the victims’ ages for those reports, it did note that more than 3,200 reports of identity fraud involving victims under 19 years old that year.

Why? This may be due to the tendency of young minds to admire openness and abdicate privacy. Add on the open-sharing influence of social media, and personal security risks rise exponentially.

Awareness is job No. 1

Parents can help lessen the danger. Being aware of common (and not-so-common) snares is a parent’s best shot at keeping kids out of them. The idea is to empower children with warning signs vs. scare them with horror stories.

Take talent traps, for example. Attackers steal emails and cell numbers from organizations like local youth sports clubs and child modeling agencies. Scammers then send fake invites to showcases, auditions and tryouts to trick teens and parents into “registering” online with vital information, including Social Insurance numbers.

Another highly scalable scam begins with the theft of school district databases. A text about a child marked as late or weather advisory entices recipients to click a link, which downloads data-stealing malware onto victims’ phones.

A third highly profitable (for the criminals) scheme is to message young gamers with offers of in-game goods, such as skins, characters or unlocked levels in popular games. Engaging with messages like this can lead to theft of credit card and other financial information and may even expose children to virtual, and even in-person, exchanges with predators.

Crooks can do a lot with a child’s stolen data

Once criminals have stolen personal information, there is no shortage of tricks they can pull. Most of those tricks end up costing victimized families money and time, not to mention stress. The two main categories of data exploitation are:

One-off crimes, such as using a single victim’s stolen data to take out a student loan in the victim’s name or open a digital payment account with a similar looking username.

Selling the data of multiple victims in bulk to dark web warehouses that advertise databases of personal information on the digital black market.

Four parental best practices for the social engineering age

One effective way to protect a child’s data from getting wrapped up in one of these scams is to monitor their personally identifiable information (PII) on the web as well as enabling monitoring of their social media accounts to provide parents with an early warning of social engineering attacks on their social media platforms.

Another parental best practice is to regularly run antivirus or antispyware scans on the phones of minors in the household…and their own phones while they’re at it. Most phones and antivirus software allow users to opt for automatic scans at regular intervals. This may be easier for busy parents (which, last time I checked, describes all parents).

Third, parents can instill a healthy sense of skepticism in their kids by exposing them to real-life threats in a safe environment. Kids should get to see age-appropriate examples of phishing texts and social engineering attempts. By seeing for themselves the kind of malicious “content” that is floating around disguised as legitimate, they develop their own scam radars. Telling them stories of people who have had the wool pulled over their eyes, followed by discussions of what they would have done differently in a similar circumstance can also exercise common-sense muscles.

Most importantly, parents should model smart online behavior. If something seems odd to them, parents should take the time to explain what looks out of place. Then, let children witness them doing things like calling a friend to verify the authenticity of a message or navigating to a website on their own rather than clicking a link.

Take advantage of rinse and repeat strategies

The success of most social engineering comes down to timing. Attackers have gotten good at knowing when we’re at our most gullible, whether that’s during a global crisis or just later in the day. By using mass-scale assaults, they learn just like the rest of us do – through trial and error. When a scam works, rinse and repeat.

You and your child can take advantage of this greedy replication, however. Scammers are showing their cards by running the same or similar schemes on repeat. Stay up to date on the news, talk about it often and have regular check-ins on best practices. It may not be your child’s favorite conversation, but protecting their identity is worth every eyeroll you earn.

About Trinity Underwriting

Trinity is a true underwriting manager with in-house authority and underwriting expertise. We don’t wholesale. If you get a quote from us, it’s from us, not some other overseas company. That way we can quote most business the same day, keep the transaction costs down and we can pass those savings on to your clients. Many of your Insureds’​ assets have historically been tangible (inventory, land, cars), but today have become intangible (intellectual property, brand recognition, data). Trinity focuses on insuring those intangible assets through a variety of products (E&O, Cyber, D&O, Legal Expense). In doing so, we help your clients focus on the important tasks, like building their businesses. We’re backed by two of the three largest A rated reinsurers in the country, allowing us access to their resources, knowledge, and expertise. We’re Canadian, and claims are handled domestically by our in-house TPA. We are not owned by a retail broker. When you use us, you’re not putting money in your competitor’s pockets. For more information, visit www.trinityunderwriting.ca.

SOURCE: Trinity Underwriting

Tags: ,