Sunday, 26 April 2020

Covid-19 And Internet Risks: The Basics Of Cybersmartness And Cybersecurity


Webinar
Powered By: Better Civic International Foundation
Theme:
Covid-19 And Internet Risks: The Basics Of Cybersmartness And Cybersecurity
Presented By:
Don Okereke
Date: 18th April 2020; Time: 19H30 – 21H00

Scope:
1.       Covid-19 and its implications for children online
2.       Types of online risks for children during covid-19 lockdown
3.      Tell-tale signs of a child being cyberbullied or targeted
4.      How To Recognize Phishing/Vishing emails/messages
5.      How to avoid falling prey to covid-19 scams, ransomware
6.      General recommended actions to mitigate online risks for children during the covid-19 lockdown
7.      Cyber safety Tips for teens, children
8.      COVID-19 and the menace of fake news, disinformation
9.      Beware of Fake News/Misinformation: How to avoid misinformation about the coronavirus:
10.   Parenting tips for children’s safe online experience

Good evening ladies and gentlemen,
All protocols observed. I am here to create awareness on cybersecurity risks associated with the COVID-19 pandemic and how we can stay safe from cybercriminals.
Preamble:
We are currently battling with three things at the same time: a pandemic (COVID-19), an infodemic and a hunger virus (HUVID-20) at the same time. We can define a pandemic in this context, as a disease prevalent over a whole country or the world. On the other hand, an infodemic means 'excessive amount of information concerning a problem such that the solution is made more difficult'. It follows that false information, misinformation, disinformation and conspiracy theories are spreading faster than the COVID-19 itself. This explains why the World Health Organization (WHO) warns against the consequences of a deadly infodemic. Multiple reports point to a trend in cybercriminals increasingly creating and deploying thousands of coronavirus-related websites, phishing emails and messages daily aimed at taking advantage of people.

What is COVID-19?
Without wasting much time, COVID-19 is defined as an infectious disease caused by the most recently discovered coronavirus. This new virus and disease were unknown before the outbreak began in Wuhan, China, in December 2019.
Covid-19 and its implications for children online
Today, April 18, is Day 19 of the stay-at-home order declared by the Federal government in parts of the country which is aimed at stemming the spread of COVID-19. The implication of this is that people are expected and will increasingly stay at home, practice physical or social distancing. Markets, schools, workplaces (except those rendering essential services) have been shut down in the past 19 days. Parents, children now stay at home. It’s boring staying indoors day in, day out. To kill boredom, many people (children inclusive) rely on their devices, gadgets to stay connected with friends on social media and to be abreast of events, information. I can attest that many people spend a great deal on data these days as a result of the lockdown.
The COVID-19 pandemic, lockdown implies more and more school children embracing online learning technologies, platforms. While online learning, remote working or teleworking are innovative and have their advantages, not all adults and children have the requisite knowledge, skills and resources to navigate the internet and keep themselves safe. Few days ago, the United Nations Children’s Fund (UNICEF) pointed out that online predators put millions of children at risk during COVID-19 pandemic lockdown. Henrietta Fore, Executive Director of the UNICEF reckons that more than 1.5 billion children and young people have been affected by school closures worldwide. Many are online now taking classes and socializing. Under the shadow of COVID-19, the lives of millions of children have temporarily shrunk to just their homes and their screens”. Spending more time on virtual platforms can leave children vulnerable to online sexual exploitation as predators capitalize on the COVID-19 pandemic.
There were complaints recently in some countries when scores of very young children were bombarded with X-rated pornography after their school’s Zoom learning session was hijacked by hackers. The school’s principal quickly realized what was happening, and swiftly shut down the application. This trend is called ‘’zoombombing’’ or weaponization of zoom, a video conference platform. It follows that Zoom had/have security vulnerabilities and Zoom raiders as they are called, often employ shocking imagery, racial epithets, profanity and in some cases, pornography to derail video conferences.
Please note that apart from Zoom, other video-conferencing Applications with capabilities for online meetings, webinars and trainings include: Microsoft Teams, Skype, GoToMeeting, Join.me, Cisco Webex, BlueJeans, Google Hangouts Meet, RingCentral, Zoho Meeting, Cyberlink U Meeting, Lifesize and FreeConference. Most of them have free versions that can be downloaded via play store.
Types of online risks for children during covid-19 lockdown
The internet can be an unchartered territory and a dangerous environment for everyone. Children and teens are particularly vulnerable to online hazards – security vulnerabilities, cyber predators, cyber-crimes et al. which can have severe, costly, even tragic, consequences. For instance, children may inadvertently expose their families to some of these cyber threats by accidentally downloading a malware or ransomware that could give cyber criminals access to their parents' bank account and other sensitive information.
Some of the online risks that children could encounter as they are increasingly glued to the internet due to the COVID-19 lockdown include:
1.       Cyberbullying - A 2018 survey of children’s online behavior found that approximately 60% of children who use social media have witnessed some form of bullying, and that, for various reasons, most children ignored the behavior altogether. According to enough.org, as of February 2018, nearly half (47%) of all young people had been the victims of cyberbullying.
Tell-tale signs of a child being cyberbullied or targeted by an online predator include:
a.      Appears nervous when receiving a text or an email
b.      Seems uneasy about going to school or pretends to be ill.
c.       Unwillingness to share information about his/her online activity
d.      Unexplained anger or depression, especially after going online.
e.      Abruptly shutting off or walking away from the computer, mobile device mid-use.
f.        Withdrawing from friends and family in real life.
g.      Trouble sleeping at night.
h.      Unexplained weight loss/gain and suicidal thoughts/attempts.
i.        Spending long hours online, especially at night
j.        Phone calls from people you don't know
k.      Receiving unsolicited gifts
l.        When the child suddenly turns off the computer when you walk into the room
m.    Withdrawal from family life and reluctance to discuss online activities

2.       Posting Private Information - There are awkward moments when children mistakenly post personally identifiable information (PII) – residential addresses, pictures, family vacation plans, the school they attend etc. online or on social media.

3.      Cyber Predators (pedophiles) - These days sexual predators, pedophiles increasingly stalk children on the internet/social media, taking advantage of their innocence, lack of adult supervision and abusing their trust. This can culminate in children being lured into dangerous personal encounters.

4.      Posts that Come Back to Haunt a Child Later in Life - As they say, the internet does not forget. Unlike the saying that what happens in Las Vegas stays in Las Vegas, it is a different scenario with our transactions online. Things that happen online, stay online, possibly forever. Anything an individual or child puts online have a way of sticking around. A party picture, Snapchat message or social media post could cause problems ten years down the road when you interview for a new job or run for a political office. A classic example is the current Canadian PM whose childhood ‘Arabian Nights’ themed party makeup almost cost him reelection. 
Similarly, according to a 2018 Career Builder survey, 70 percent of employers use social media to screen candidates during the hiring process. 43 percent use it to check on current employees. 
5.      Falling for social engineering, Scams - Social engineering in the context of cyber security, is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Children or teens may fall victim to online scams that offer things they value, such as free access to online games or special features. Cyber criminals can use websites popular with children to identify potential victims, and then promise prizes in return for what they want—like parents' credit card information. 

6.      Accidentally Downloading Malware or ransomware - A malware is a computer software that is installed without the knowledge of permission of the victim and performs harmful actions on the computer. Similarly, *ransomware* is a malicious software designed to block access to a computer or mobile device until money (ransom) is paid. Cyber criminals often trick people into downloading malware or ransomware that has the capability to steal personal information from a computer or hijacking it and subsequently demanding a ransom. Just recently, cybercriminals deployed a COVID-19 ransomware with a view to tricking unsuspecting members to click on the link to receive up-to-date information about the pandemic.
7.      Phishing - Refers to criminal activity that attempts to fraudulently obtain sensitive information from someone. There are several ways a fraudster can try to obtain sensitive information such as your date of birth, driver's license, credit/debit card information, or bank account information, often luring you with a sense of urgency. Sometimes a fraudster will first send you a courteous email (more like a bait) to lure you into a conversation and then follow up with a phishing email. It is also possible for the fraudster to send just one phishing email that will direct you to a website requesting you to enter your personal information such as User ID and Password.
8.      Pharming – Refers to a type of scam where a fraudster installs malicious code on a personal device or server. This code then redirects any clicks you make on a website to another fraudulent Website without your consent or knowledge. Be especially careful when entering financial information on a website. Look for the ‘s’ in https and the key or lock symbol at the bottom of the browser. If the website looks different than when you last visited, be suspicious and don’t click unless you are certain the site is secure.
9.      Vishing - Fraudsters also use the phone (SMS) to solicit your personal information. This telephone version of phishing is sometimes called vishing. Vishing relies on *social engineering* techniques to trick you into providing personal or sensitive information.

10.   Smishing uses cell phone text, usually *bulk SMS messages* to lure a victim. Often the text will contain an URL or phone number. Just like phishing, the smishing message usually asks for your immediate attention. Desist from responding to smishing messages.
How To Recognize Phishing/Vishing emails/messages:
1.       Do you know the sender of the email?  If yes, continue to be cautious before clicking a link. If no, do not click any links. Mind you that cybercriminal can clone a website.
2.       Have you checked the link especially now that websites can be clones and links can be shortened using url shorteners? Hover your Mouse over the link and check the URL. Does it look legitimate or does it look like it will take you to a different website? For instance, if they want to clone the website/email address of the World Health Organization, they can make it look like www.who.com or info@who.com. Meanwhile the WHO’s authentic email address could be: info@who.org. basically, the difference is in the suffix (.com rather than .org). Only the savvy or discerning would know.
3.      Does the email or SMS contain grammatical errors? If so, it is a red flag. Be suspicious!
4.      If the email comes with attachment(s), do not click on the attachment. Contact the sender to verify its contents.
5.      Does the email request personal information?  If yes, it is another red flag, do not reply.
6.      If you have a relationship with the company/person, are they addressing you by name?
7.      If you receive an email or phone call from a purported organization (say XYZ) requesting you call them and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call.

How To Avoid Falling Prey To COVID-19 Scams, Ransomware:

1.       Avoid clicking on random links.
2.       Avoid all these awoof data links, I am not aware of any Telecoms operator sharing free data at the moment.
3.      The Federal government is not sharing money yet, when they start (if they do), you will know.
4.      Stop forwarding messages without proper verification, you don't work in a clearing and forwarding company.
5.      Beware of FOC (Free of charge). Your bank is not sharing free money. There is no free money, even in Freetown, nothing is free.
6.      Don’t divulge sensitive personal information regarding your banking or card details. There are fraudulent emails, SMS making the round, where customers have been asked to provide their card details or BVN for disbursement of COVID-19 palliative funds ranging between N30,000 and N70,000 into their bank account upon validation of their bank details online. 

General recommended actions to mitigate online risks for children during the covid-19 lockdown
1.       Given that it is what a parent knows that s/he would teach his/her ward, parents will do well to be up to speed with information technology and be social media savvy. We live in the information technology age; it is not out of place to see children who are more tech savvy than their parents or teachers. 
2.      Parents should frequently have heart-to-heart conversation with their wards about online safety, computer use, inherent dangers and long-term effects of inappropriate conduct, including posting pictures online.


3.      A good rule of thumb is to not allow internet use when a child is home alone without proper supervision. Though not perfect, installing a search engine filtering software/tool or parental controls, would help.

4.      Keep your computer in an open area. If your computer is in a home office, make a rule that doors are always left open when online.

5.      Do not allow internet use after you’ve gone to bed at night no matter how good your computer security software is or how confident you are in kids search engines.

6.      Consider installing parental control software to give you completed control over how kids access the internet.

7.      Do not allow file sharing programs to be installed on your computer. Only use safe and secure music download programs from trusted sources on the internet.

8.      Be wary of allowing under aged children to use social media - Many social networks require users to be at least 13 years of age, but some allow children to sign up with their parent’s permission. If your ward has social media accounts, check their privacy settings. The default settings may expose more information than you’d like. Change settings to the highest level of privacy. Teach your kids not to accept friend requests from people they — and you — don’t know. Some friend requests come from bots that will spam friends lists.

9.      Install antivirus software, make sure they are up to date and only download Apps from credible sources such as Playstore.

Cyber safety Tips for teens, children                                                                                                         
1.       Don’t post your date of birth, offensive comments, passwords, address, personal phone number, inappropriate pictures, the name of your school or any information about your family online or on social media platforms. Talk to your parents first about pictures you want to post online, whether they be of yourself or your friends and family members.
2.       Don’t talk to strangers on the Internet
3.      Never to agree to meet someone that you have met online. If you do not know the person in ‘real life’, tell your parents about anyone this is asking to meet you.
4.      Don’t fill in a profile that asks for your name and address
5.      Don’t visit a chat room without an adult’s / parent’s permission
6.      Don’t stay online if you see something you think your parents won’t like
7.      Do not download or install anything on your computer/device without your parents’ permission
8.      If you have any questions about something you read, ask your parent or guardian
9.      If you are talking to someone online and they make you uncomfortable, remember you don’t have to talk back to them.
10.   Do not respond to messages you receive that are mean or speaking meanly about others. Tell your parents about these messages.
11.     Always be kind of others online. Do not do anything that may hurt others including joining in conversations discussing other people’s problems.
12.    Be careful about discussing details about your own personal problems with your friends online. It is better to speak to them in person. Tell your parents or teacher if you are struggling with something.
13.    Agree to computer rules set up by your parents, teachers or guardians. With freedom and trust comes the expectation that you will act responsibly.
How to avoid misinformation about the coronavirus pandemic:
a.      Bank on information from reliable resources – the World Health Organization (WHO), National Centre for Disease Control (NCDC) and other reliable agencies, platforms.
b.      More often than not, print news tends to be more accurate than video or television because print reporters tend to fact check the news and provide links to referenced items.
c.       If a claim is made regarding coronavirus pandemic, do some online research.
d.      Be wary of claims about cures and the origin of the virus.
e.      Be a detective before sharing information with others on social media. Do a quick Google search at least, and spend some time making sure what you’re reading is accurate.
f.        If a story sounds fake, don’t click on it or engage with it. If you click on it, it’ll enhance its search algorithms and promote it even more.
Feel free to read my extensive essay on this pervasive trend titled – ‘’Cybersecurity Awareness: HowCybercriminals weaponize COVID-19 To Perpetrate Scam’’.

Thanks for your time. Stay safe!

Respectfully,
© Don Okereke


April 18, 2020

References:
       ii.            https://kidshealth.org/en/parents/net-safety.html
     iii.            content/en-us/images/repository/isc/Twitter-Safety-For-Kids.jpg
   vii.            https://www.theafricareport.com/24698/top-10-coronavirus-fake-news-items/amp/