If you and your family are online, you’re visible around the world — and with more than 10 billion internet-connected devices, opportunities for hackers abound. In 2023 alone, over 300 million people were impacted by breaches, and nowadays, one in every 12 people have already been a victim of identity theft — children included.
Cybersecurity policies and best practices are often overlooked when it comes to implementing them for your family and your personal finances. Unfortunately, simply having online accounts, Wi-Fi-enabled devices, and then personal information like Social Security numbers all pose a risk for you and your family. But don’t panic just yet. If you know what to look for, you can dramatically reduce the risk of a cyberattack.
You may already know cybersecurity basics: changing passwords regularly and using a password manager, doing regular software updates, and not opening attachments from people you don’t know. But, as cybersecurity professionals learn how to prevent attacks, cybercriminals invent new ones. So, let’s look at some of the ways hackers can impact kids and adults so you can keep your family safe from cyberattacks.
1. Avoid phishing scams targeting financial and personal information
Most people think they won’t be a target for a cyberattack, but more than 50% of attacks are untargeted. Email phishing scams are a great example of this. In fact, social engineering emails are the most common cause of a cybersecurity issue, and that’s why the entire family must take precautions, especially when computers are shared.
Now, hackers come after us by pretending to be those we trust — banks, cellphone companies, the government, and even friends and family members. So, when opening emails, look out for these warning signs:
Asking for private information
If you receive an email asking for account numbers, passwords, or any other sensitive information, it’s likely a phishing scam. Scammers are skilled at making emails look like they come from authoritative sources like the IRS, but organizations like the IRS won’t email or call you for information if there’s an issue (they’ll contact you through U.S. mail or come right to your door.) If you’re not sure if an emailer or caller is who they claim to be, look up the company’s official phone number on Google (don’t use the one provided in the suspicious email) and call to find out.
Note: If you’re getting harassing phone calls or emails from someone claiming to be the IRS or another government entity, report it.
Out-of-the-ordinary emails
If a friend’s email account is compromised, a hacker might reach out to you via their email and see if they can break into your accounts, too. If you get an email from somebody you know that you’re not expecting, especially if it asks you to open a link, click an attachment, or send money, just give the person a call — a hacker might be able to imitate somebody in an email, but it’s unlikely they can nail a voice impersonation, let alone get access to their victim’s phone.
Emergency calls asking for money
Attackers can do more than send emails appearing to come from a trusted friend or family member; current tools and technology allow bad actors to spoof voices as well. Ultimately, trust your instincts. Are you expecting the call? Does it make sense to receive that particular call from that particular individual? These questions are important to ask — especially before sending large amounts of money to an unknown account. (We cover this in further detail in point five below.)
Unusual language, typos, and alterations to account names
Watch out for subtle clues, like getting an email from jane.doe@gmail.com when your contact is listed as jane-doe@gmail.com. Typos or strange wording are unlikely in emails from companies, and out-of-character phrasing from somebody you know well could be a red flag, so read carefully.
Asking you to open an attachment or a link
You may have heard this one, but it bears repeating. If you don’t know what you’re opening, don’t open it before you’ve spoken with the person who sent it. If an email looks like it’s from your bank and asks you to log in using a link they provide, play it safe — avoid the link in the email and just log in to your online banking account the normal way. Why? Because you never know what that attachment might be. You could very well be downloading malware that can access your entire hard drive. If you’re working on a shared computer, you’ll be putting everybody who uses it at risk.
What to tell your family: Call before you click. It only takes a two-minute call to protect your family wealth and privacy. Reversing the damage of a cyberattack could take years.
2. Practice identity theft prevention for children
Parents are always looking out for their children’s financial future, but many are unaware of the long-term impacts of cyberattacks on their children’s financial security. We hear about cybersecurity for seniors all the time, but when it comes to identity theft, kids are surprisingly much more likely to be affected. Why are kids such a prime target? Consider this — children won’t need to look at their credit report for up to 18 years, giving hackers plenty of time to illegally use a child’s information without being noticed.
The red flags for this one can be easy to spot. If you get a letter from the IRS stating that your 8-year-old didn’t pay income taxes or start getting collection calls for items you didn’t purchase, follow instructions for what to do if your child’s identity is stolen, courtesy of the FTC. However, as cybercriminals often wait a few years before using the information they obtain, you may not notice any red flags. Consider reviewing your kids’ free annual credit reports every year to make sure everything looks right.
In addition, you can put a credit freeze, also known as a security freeze, on credit reports for all your children. Credit freezes are one of the easiest ways to protect children from identity theft. This no-fee tool prevents anyone from accessing a credit report. Since most new accounts won’t be approved without that report, this makes it much harder for identity thieves to use your information.
What to tell your family: Explain to your children that you’ll be putting a credit freeze on their report (or at least checking to see if they have a credit report when they turn 16) to prevent cybersecurity issues from affecting them in the future. If you review their credit report, involve them in the process to foster comfort with managing finances.
3. Guard family wealth from unsecured internet-connected devices
Sometimes, practicing healthy financial habits means guarding family devices that seem to present no security risk at all. Does anybody care what you’re cooking in your Wi-Fi-connected crockpot? No, but it provides an inroad for hackers, as do more personal items like Wi-Fi-enabled baby monitors.
The Internet of Things is a cybersecurity risk because, if a hacker can get into one device, they could access your whole network. Many of the usual cybersecurity guidelines apply here. Use passwords that you change regularly, try multifactor authentication, complete security updates, and avoid using public Wi-Fi. But, when possible, simply avoid getting devices that connect to the internet unless you’re reasonably assured that they’re safe to use. Ask yourself if that device really needs to connect to the internet, and if it does, try putting it on a different network than your main computer.
What to tell your family: Sorry, kids, we’re not getting that Wi-Fi-enabled fridge, but we are getting a password manager.
4. Protect your wealth from cyberattacks while traveling
Unfortunately, cyberthreats to your family and family wealth don’t take a hiatus while you’re on vacation. Just like there are hackers at home, there are hackers abroad — and travelers make easy, unsuspecting targets.
Let’s say you’re staying at a hotel and want to get out a few emails for work. You open your laptop and see several Wi-Fi options: Hotel-1, Hotel-guest, and Hotel-public Wi-Fi. Pick the wrong one, and you could be on a fraudulent Wi-Fi hotspot, exposing your information to whatever unsavory character laid the trap.
Criminals set up phony hotspots and wait for you to log on, which can allow them to see everything you’re doing on the internet, such as logging in to your online banking account. The more visitors, the greater the risk. Disney parks, Paris, New York City, the Walk of Fame, and the Las Vegas Strip are positively loaded with fraudulent Wi-Fi hotspots.
Protect your family from cyberattacks by sticking to personal hotspots or bringing a clean device (a device without any of your information on it) instead of your personal computer that contains years of financial data.
Take caution when using cards, too. ATM skimming is a constant concern. Criminals may use keypad overlays or put card skimmers over the ATM’s actual card reader, but usually, they’re placing cameras above the keypad so they can see your PIN. ATMs connected to banks are typically safe because the bank can regularly check in on it. Stick to those when possible and cover your hand when typing in PINs. It doesn’t hurt to give the card reader a jiggle, too. If it’s loose, you could be dealing with a card skimmer.
Children and older adults who aren’t as knowledgeable about technology are likely to make these easy mistakes while traveling, so make sure your entire family understands the risks.
What to tell your family: Be careful when using devices or credit and debit cards. Stick to ATMs connected to banks and cover your hand when typing in a PIN. Don’t connect to public Wi-Fi, and instead use personal Wi-Fi hotspots or data (or — better yet — put devices away and enjoy your vacation.)
5. Identify AI fraud risks to family wealth
Besides just attempting to mimic an email address from a trusted contact, attackers are now building their capabilities to spoof voices and even visual appearances with artificial intelligence (AI). If you have at least 30 seconds of your voice available, such as your voicemail recording or any online videos, that’s enough for someone to feed into a platform that synthesizes a realistic voice. From there, attackers can feed in any prompts for your voice to say and add in background noise such as traffic sounds to help cover up the chance of recognizing the voice as artificial.
Imagine your spouse or child receives a voicemail that sounds exactly like you. In the voicemail, “you” tell them there’s an emergency and you forgot your bank account PIN and need it right away. That voicemail becomes a lot more likely to trick those close to you.
Unsuspecting grandparents have been getting phone calls from people claiming their grandchildren are in trouble and need money immediately to pay for bail or medical bills. Now, instead of fraudsters claiming the grandchild can’t come to the phone, they can use AI to mimic their voice. Grandparent scams resulted in millions stolen in 2023 alone, and we can only expect that number to climb with more sophisticated attacks.
What to tell your family: Especially for anyone with a public online presence including their voice, talk about implementing some sort of password or unique phrase that only your family knows to use in the event someone is in urgent trouble. Attackers won’t know to insert this into spoofed calls.
What now?
Most compromises happen in just a few minutes, but rarely are they discovered that fast. The average time to detect and contain a breach is over nine months and they’re often being discovered by third parties. Even if it seems like a lot of effort, it’s much easier to prevent an attack than it is to detect one and reverse the damage once it occurs. That’s why it’s so important that you share ways to stay safe online with your entire family.
