As parents and teachers, we know our students are growing up in a digital age, so there's a lot of discussion about how to teach children to be safe online. Conversations about online safety usually revolve around inappropriate websites, Facebook privacy settings, stranger danger, and thinking twice before you click and text that friend a compromising message or photo that could sabotage your career or personal life.
But, there's more. What about banking security and online identity theft? What about password security?
Why would an elementary student need to think about someone stealing their identity when they don't have a bank account yet? Because many of our students are leaving a pretty wide digital footprint, the Internet has a long memory, and people are using online research as a way to guess your email security questions.
(Or, if your students aren't worried about bank fraud ten years down the road, what about someone hacking into their World of Warcraft or some other social networking account? What about someone hacking into their email and reading their personal messages, or logging into their IM account to stir up trouble?)
My friend's mom was recently the victim of attempted fraud. Someone hacked into her email account, changed the password, and then emailed her financial planner from the account for details about her retirement funds. Once the hacker got the balances over email, they attempted to transfer money out of her account. Fortunately, the financial planner called my friend's mom in person to confirm the transaction, at which point the transfer was blocked. Even though she didn't lose any money, it's scary to think of a stranger going through your personal email.
How did the hacker gain access to my friend's mom's email account? Well, I'm not completely sure, but here are three potential ways they did it.
- My friend's mom recently clicked on a suspicious link from an email spam blast sent through another friend's hijacked email account. The police thought the link might have installed a Trojan or keylogger on her machine, which then sent the email password to the hacker. (We've since beefed up the security on the machine by installing anti-virus software. It was a toss-up between Norton Antivirus 360, Bitdefender, and Kaspersky, but in the end, we went with Kaspersky because it has a virtual keyboard to help protect against keylogging software.)
- Maybe the hacker got into the email account through a phishing site.
- Or, maybe the hacker was able to guess the email security questions and reset the password on the account.
Students, strangers, and people close to you may be able to hack into your online accounts.
One of my students told me he knew how to hack into someone's gaming account. How? Once he got their email address, he could probably ask around to guess the password reset information. Once he could log into their email account, he could go to the gaming website and request a password reset (which typically goes to your email address on file) and boom – he has access to someone's gaming account.
Sure, you might have an incredibly hard password to crack, but if someone can guess the answers to your relatively easy password reset questions, then your personal email account is wide open. Once they have access to your email account, they can potentially access your other online accounts (by requesting password resets, which get sent to the email account they now have access to).
Sometimes, it only takes a little bit of online research to figure out the name of your first pet or where you were born. Heck, here are some answers to common password reset questions for some Hollywood celebrities, including Justin Bieber, Katy Perry, and Kobe Bryant.
(It goes without saying, but don't try to use this info to hack into anyone's account. Chris Chaney recently pleaded guilty to wiretapping and unauthorized access to a computer for hacking into over 50 celebrities' email accounts. He faces over $2 million in fines and 60 years in prison.)
If celebrities can have their email accounts hacked, so can we. People just need to guess your email address, guess the answers to your security reset questions, et voilà. Instant access to all of your emails, or worse, instant ability to pretend to be you.
So, what does this have to do with student safety online?
Well, coming back to the digital footprint part, more and more teachers around the world are starting class blogs or student sites. In fact, here's a list of award-winning educational blogs – teacher blogs, administrator blogs, class blogs, student blogs, etc. How many email addresses and answers to security questions could someone scrape from these sites? This is one of the reasons why I'm a big fan of students using pseudonyms when blogging online.
Students (and parents and teachers and everyone else online) need to think more about whether their email accounts are secure.
- Make sure you take your password security seriously. Most students don't think twice about sharing their computer passwords. Most people tend to use the same passwords for everything.
- Make sure the answers to your password reset questions are difficult for your friends (and people researching you on the Internet) to guess.
How do you teach your students to keep their email accounts safe?