How to talk to your kids about malware

Children’s impulsiveness, easy distraction make them especially vulnerable; inform them of risks, set boundaries

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Pic­ture this: The car is full. You’re nav­i­gat­ing by the side mir­rors while doing a men­tal inven­to­ry of every­thing you packed and won­der­ing if you’re going to make it to the realtor’s office in time to pick up the keys for your vaca­tion rental. You have absolute­ly no idea what the kids are doing in the back seat.

Adam Levin, chairman and co-founder of and IDT911
Adam Levin, chair­man and co-founder of and IDT911

Now for­get the mas­sive dis­trac­tion of that sum­mer road trip and con­sid­er the big­ger pic­ture. It doesn’t mat­ter how old or world­ly they are, or how ridicu­lous­ly up in their busi­ness you are. You can’t know what your kids are doing every sec­ond of the day. And just like a good cops and rob­bers game, bet­ter sur­veil­lance only cre­ates bet­ter criminals—which means all the more care­ful your child will need to be when your eyes aren’t direct­ly on them.

While most of us have learned over the past few years to ignore the lures and snares of mal­ware prop­a­ga­tion—whether they come via app, Face­book post, email or text—no one is per­fect, and kids may not under­stand the big pic­ture well enough to avoid the haz­ards with­out some guidance.

The big pic­ture is sim­ple: There are crim­i­nals out there—more than you can imagine—whose day job it is to get enough of your per­son­al­ly iden­ti­fi­able infor­ma­tion to steal goods and ser­vices in your name or crawl into your bank account and drain it; in oth­er words, to com­mit iden­ti­ty-relat­ed fraud.

Your first job is to get this across to the chil­dren in your life: Crim­i­nals can use their information—personal details like birth­days, address­es, fam­i­ly names—to steal things—and those crim­i­nals do this by trick­ing kids into pro­vid­ing that information.

Yes, you real­ly need to have that talk

Remem­ber the tod­dler years when things went missing—car keys, cred­it cards, stock cer­tifi­cates, crown jewels—only to resur­face dur­ing a week­end exca­va­tion of their play space or in the back of a sock draw­er? Teens and tweens aren’t much bet­ter. They lose house keys and car keys, too; they for­get where they parked the car, smart­phones dis­ap­pear, and so on and so forth.

The bot­tom line here is that kids are strangers to two key con­cepts that help put a lay­er of pro­tec­tion between you and online scams aimed at sep­a­rat­ing you from your per­son­al­ly iden­ti­fi­able infor­ma­tion.

While it’s true that focus and impulse con­trol aren’t exact­ly some­thing adults just mag­i­cal­ly acquire with age, when it comes to younger peo­ple, it’s an oxy­moron. This is some­thing that needs to be dis­cussed, notwith­stand­ing all the eye-rolls and sighs. That lack of impulse con­trol is what makes phish­ing and oth­er mal­ware scams work.

Phish­ing attacks suc­ceed or fail depend­ing on a num­ber of fac­tors, but the main one is the target’s dis­trac­tion lev­el. Kids are not always the most mind­ful among us. This makes them tar­gets for phish­ing scams.

For­get the heli­copter routine

The very best advice I can give you here is to set strong “Do Not Cross” lines for them from the very start. Use exam­ples of things that have gone miss­ing, or days that have been hor­ri­ble because of dis­trac­tion, to start the conversation.

Tell them that real-life risk includes dig­i­tal things, espe­cial­ly with regard to their per­son­al­ly iden­ti­fy­ing infor­ma­tion. Have a basic rule: If you are asked for per­son­al infor­ma­tion, check with a par­ent. Explain some com­mon tac­tics used by phish­ing scams. For exam­ple, pop­u­lar web­sites and ser­vices require updat­ing, autho­riza­tion or val­i­dat­ing an account. It’s a real thing, but scam artists use it to get per­son­al infor­ma­tion. All such requests should raise their lev­el of concern.

Set a basic rule here: Only adults can pro­vide pay­ment infor­ma­tion, or trou­bleshoot an account that has asked for information.

Tell them to watch out for web­sites that are almost right: If you fol­low a link that was sent via email or text or that was post­ed on a social net­work and some­thing looks a lit­tle wrong, leave that site immediately.

Phish­ing scams often cre­ate sites that look like the real thing, but there are lit­tle dif­fer­ences here and there. That said, some­times the only way to detect the fraud is by look­ing at the URL. The many scam sites will spell it a lit­tle dif­fer­ent­ly, but just bare­ly so.

Today’s kids know more than their par­ents about a dumb­found­ing array of top­ics that would make the most hard­ened politi­cian blush. But unfor­tu­nate­ly they may be even more vul­ner­a­ble to phish­ing attacks, and it’s your job to keep them out of the shark tank.

Full dis­clo­sure: IDT911 spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?