Social Cyber Threats Facing Children and Teens in 2018

Being a parent is hard, especially when you have to keep up with the growing list of technological changes affecting your children. In between chauffeuring kids to soccer practice and staying on top of their grades, there’s little time to research online threats, but computer viruses, ransomware and identity theft happen to children every day. Although it may seem that malware attacks and cybercrime live in the adult world, cyber thieves regularly target children and teens where they’re most active – chat rooms, social media, video streaming sites and online video games. Children are good targets because they may have high levels of trust in people and low levels of knowledge in cybersecurity.

Being proactive and staying educated on the current cybersecurity risks facing kids and teens in today’s digital world goes a long way to keeping them safer online. Parents who understand the biggest risks and educate their children are more likely to shut down cybercriminals before they ever have a chance to strike. Below are some of the top cybersecurity concerns every parent should understand in 2018.

Anonymous Sharing

Anonymous sharing is popular among tweens and teens. Apps like Snapchat allow users to post images and messages that only show up temporarily and then are removed. But nothing on the internet is temporary. Cyber thieves and bullies can easily take screenshots and photos of information and images before they disappear.

Popular apps like Whisper keep a user’s identity unknown, while others like Anomo start you off as anonymous but let you change your settings over time. If your adolescents want to share anonymously, they may choose apps like After School, which is developed specifically for teenagers and includes resources for counseling, scholarships and social campaigns.

Over 75 percent of surveyed parents viewed anonymous sharing as “somewhat unsafe” or “very unsafe.” It’s a legitimate fear. Although anonymous sharing can promote healthy and open expression for users, it can also make it easier to overshare information. Before letting your child use anonymous sharing apps, discuss with your child what information is safe to share. Kids should be wary of any messages containing links or attachments, which could contain malware or lead to phishing websites.

Direct Messaging

The majority of social media sites have direct message features for connecting with friends, family and strangers. Direct messages are popular with cyberthieves who place links directing to phishing sites and harmful downloads. Here are the warning signs and how to avoid these schemes:

  • Avoid clicking on messages with an unusual amount of typos and misspellings, wrong subject-verb agreements or unusual punctuation marks.
  • Be suspicious of messages asking for personal information like passwords, SSNs, credit cards or PINs. No legitimate social media site will correspond with its users about these topics through direct message.
  • Be extremely skeptical of messages claiming your account will be locked or deleted unless a specific action is taken.
  • Don’t click links that are mismatched from their descriptions. Hover over a link with your cursor and check the status bar at the bottom of your browser window. Make sure the status bar address matches the intended destination. Both addresses should match for any type of link, whether in direct messages, emails or browsers.

Practice these cybersecurity habits with your children. Visit sites like scam-detector.com and show your kids common ways cybercriminals spread viruses via direct messages on Twitter, Facebook and other social media networks.

Email Attachments and Links

Social engineering is a powerful way for cyberthieves to trick children into infecting their own devices or revealing personal information. Sit down with your kids and show them how you check your emails. Even have them send you one themselves with a message and an attachment like a picture.

Explain and demonstrate how a phishing email works and its telltale signs. Send your child an email with a “bad” mismatched link you made up. Show them how to hover the cursor over a link to reveal its true destination on the web. Most importantly, explain why you never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment.
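
The hover check described in the Direct Messaging and Email sections can also be automated. The following is an added example, not part of the original article: it scans an HTML message for links whose visible text looks like a web address but whose real destination is a different host. The sample message and its example.com/.net/.org domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the article); all domains are placeholders.
SAMPLE_MESSAGE = """
<p>Your account will be locked! Verify at
<a href="http://login.example.net/verify">https://www.example.com/security</a></p>
<p>Photos: <a href="https://photos.example.org/album/12">https://photos.example.org/album/12</a></p>
<p><a href="https://example.org/help">Help centre</a></p>
"""

# Visible text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


def host_of(url):
    """Return the lower-cased host of a URL, ignoring a leading 'www.'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat 'example.com/x' as host + path
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html):
    """Flag links that display one address but point to another host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not URL_LIKE.match(text):
            continue  # label is plain words, so there is no address to compare
        shown, actual = host_of(text), host_of(href)
        if shown != actual:  # strict: a different subdomain is also flagged
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_MESSAGE):
        print("Link shows %(shown)s but goes to %(actual)s (%(href)s)" % finding)
```

Links labelled with ordinary words, such as “Help centre”, are skipped here because there is no displayed address to compare; those still need the manual hover check.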

Video Streaming Sites

The world of television programs and cable networks, familiar to many parents, has given way to online celebrities and YouTube videos for their children. Every day, YouTube users watch over 1 billion hours of videos. All of this traffic draws the attention of scammers and cyberthieves looking to hack the system for profit.

For video sites like YouTube, cyber threats come not from streaming videos but from other parts of the platform. While your child can’t get a virus while watching a YouTube video, they can click on a link in the comments section, an ad or a video description and infect your device with malware.

Take these preventative measures to protect your devices from infection:

  • Get them familiar with how YouTube works. Show them the problem areas: where the comments section lives, what video ads look like and where links in video descriptions are inserted.
  • Enable YouTube Restricted mode, which will filter out inappropriate content and hacking schemes like the one above.
  • Consider downloading the YouTube Kids App, which helps you control the content they see. Some features, like the comments section, can be turned off completely.

Videos will only get more and more popular for both children and cyberthieves. Get ahead of cyberattack trends by educating your family on current threats within video platforms.

Online Video Games

Kids love video games, especially those that let them share their experiences and creations with others. Almost every video game today has some type of social component built in, whether it’s direct messaging or chat. Minecraft and Roblox are just two examples of popular user-generated online games that let kids build worlds and share them with others.

While such games are good for building imaginations and relationships, they’re also a playground for hackers. As with YouTube, the game websites themselves aren’t the problem. That is, you can’t get a virus just from playing Minecraft, League of Legends or Roblox. You get it when you leave the game’s website and land on another, and thieves use social engineering tricks like the following to lure kids away:

  • Pop-up ads or chat links offering free coins, avatars, skins and upgrades. Once clicked, the ad or link takes them to a website that requires them to download an executable file. When opened, the program infects the computer with malware designed to steal data, which can include your banking information and account passwords.
  • Fake login schemes use pop-ups within the game to tell the player they must provide their username and password to continue. Sometimes the pop-up claims the site is “under maintenance” as a social engineering ploy to steal a player’s account and lock them out.
  • Hackers use botnets to send spam and fake ads to millions of players, asking them to visit websites for free stuff. The botnet is designed to run a fraudulent ad scheme, which relies on more views and clicks to make the hackers money.

Here are some tips to help your child avoid phishing scams on video games:

  • If the game allows, set your child’s chat options to “friends only.”
  • Teach your child the “no free lunches” lesson. Drill the point home that if it sounds too good to be true, it probably is. The old adage should be the mantra for any parent warning their child about online “free” offers.

Cyberattacks can rob you of your personal data and your child of their hard-earned accounts. Keep the fun going by teaching your child the common tricks hackers use on video game websites.

Be Proactive, Not Reactive

Set Up Parental Controls

Keep your kids safe and consider executing a multi-layered approach to parental controls, starting with the devices themselves.

Setting up a multi-layered approach will create redundancies of protection — if one layer of protection fails, the others will still work.

Protect Your Child’s Passwords

Your child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages or create fraudulent ads. Help your kids create passwords and keep a record of the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

  • Find a balance between complexity and memorability. Creating longer passwords makes them more secure, but make sure your child can remember them.
  • Make your password a sentence – you can use upper- and lowercase letters, spaces, numbers, punctuation and more.
  • Turn on strong authentication for apps that allow it. Strong authentication – sometimes called 2-step verification, multi- or two-factor authentication, or login approval – provides an extra layer of security beyond your username and password to protect against account hijacking.
  • Consider using a password manager that will do the remembering for you.

Your child’s password is the key to their social media privacy and their account. Keep them safe from cyber thieves by creating a secure password.

Get Antivirus Protection

Downloading and installing a comprehensive antivirus protection software will actually solve many of the problems outlined in this guide. From helping avoid malicious links to managing your passwords, antivirus software will keep your data confidential, your identity safe, your devices virus-free and your children better protected from harmful content.

Many major antivirus protection plans offer free downloads that provide some basic protections.

Consider Cybersecurity an Investment

Like insurance, cybersecurity is something you avoid thinking about until you need it. But when disaster happens, you’re always glad it’s there. Stay ahead of the growing threat of cybercriminals and evolving malware by taking the time to invest in the things that work: educating yourself and your children, practicing good online habits, keeping your devices up to date and getting a comprehensive antivirus software system.

Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool

An Italian IT company has been using spoofed web pages to quietly distribute an extremely sophisticated Android spyware tool for conducting surveillance on targeted individuals since sometime in 2015.

In an advisory Tuesday, security vendor Kaspersky Lab described the tool, named Skygofree, as containing location-based audio recording capabilities and other functionality never before seen in the wild.

Available telemetry suggests the multi-stage spyware was first developed in 2014 and has been in continuous development since then. The Android implant gives attackers the ability to take complete administrative control of infected devices and to snoop in on conversations and nearby noises when the device enters specific locations, Kaspersky Lab said.

Skygofree is also designed to steal WhatsApp messages via Android's Accessibility Services and to connect infected devices to attacker-controlled Wi-Fi networks. Its other capabilities include the ability to surreptitiously take videos and pictures, steal call records and SMS messages, and grab geolocation data, calendar events, and other information from infected devices.

Interestingly, the spyware tool has the ability to add itself to the list of protected Android apps on an infected device so it doesn't get automatically shut down when the screen is turned off.

In total, Skygofree supports 48 different commands that attackers can use to execute various malicious actions on an infected device. Attackers can control the malware using HTTP, binary SMS messages, the Extensible Messaging and Presence Protocol (XMPP), and Firebase Cloud Messaging services, according to Kaspersky Lab.

The same IT firm that developed the malware also appears to be distributing it, says Alexey Firsh, malware analyst at Kaspersky Lab. The firm has been using web pages spoofed to appear like they belong to leading mobile network providers to deliver the malware on Android devices.

The first spoofed landing pages were registered in 2015. The most recent domain was registered last October, suggesting the distribution campaign is still active. "Based on the infrastructure analysis we believe that it was set up by the same commercial entity which is believed to be behind the malware itself," Firsh says.

Following the Kaspersky Lab advisory, the domain Whois Record was edited, suggesting the Italian firm is now trying to cover its tracks, he noted.

Available information shows that the targets of the attacks so far have been all Italian-speaking individuals. What remains unclear is how exactly victims arrive at the spoofed landing pages from where the malware is being distributed.

"It could be some kind of malicious redirect or targeted phishing with a link," Firsh says. "We don’t know exactly, but these phishing sites were not public-forced and [a] user that is reading news or watching funny videos could not just get to these pages," by accident, he says.

Identifying and blocking high-end mobile malware such as Skygofree can be extremely challenging given their complex payload structure and native code binaries, Firsh says. Another big challenge is the relatively small number of people that get targeted with this kind of tool, making it hard for security researchers to get their hands on them.

Kaspersky Lab has not identified the developer of Skygofree by name. But the IT firm behind the spyware appears to be similar to other providers of so-called lawful intercept software such as the Milan-based HackingTeam, FinFisher of Munich, and RCS Lab of Milan. Law enforcement and spy outfits from around the world use software from companies such as these to conduct surveillance and pursue investigations.

Being “Cyber Aware” Should Improve Your Privacy and Security

The headlines are everywhere. New scams and data breaches pop up overnight. Organized crooks want to steal your personal information so they can go on a spending spree. It’s more important than ever to manage your privacy and keep your information secure. The challenge is knowing what to do.

In a survey we conducted recently, 43 percent of Americans said they felt powerless about online security.1 But they shouldn’t. The easiest, most basic security tips can still prevent the majority of online scams and thefts.

Here are a few of the top tips:

  • Don’t be like a wildebeest on the savannah, hoping that the lion eats another member of the herd. When it comes to cyber scams, always think, “This could happen to me.” You will pay more attention and be a harder target.
  • Be fully aware of “social engineering.” That’s a fancy term for somebody tricking you on a phone call or email – for example, pretending to be from a certain company. Treat strangers like strangers. Share personal information only if you initiate the contact (such as calling the phone number on your bill) – not if someone reaches out to you.
  • Only open email and text messages from people you know, and always have your guard up for odd-looking links. You are more vulnerable when you’re tired or not paying attention.
  • Keep your computers and mobile devices current with the latest operating system updates and security software. Really. Do it.
  • Passwords! Sorry, they are still with us. When you get a new connected device of any kind, don’t leave it on a default password like 0000. Don’t use your dog’s name – or use the same password for every account you have. The latest federal study suggests the best password is probably the longest you can tolerate. It suggests a string of random, short words. (Throwing in numbers, capital letters, etc., is no longer part of the recommendation. Just make it long and random.)

Connected technology is awesome. Smart devices have changed the way we work and play. Safe habits won’t prevent every problem – but they sure help.

Take some simple steps, and get in the habit of keeping your shield up. You’ll go a long way toward protecting your privacy.

OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details

This year's first bad news for OnePlus users: a large number of OnePlus customers are reporting fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website were suspected of fraudulent activities.

"The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website," the customer wrote.

Later, a good number of users posted similar complaints on OnePlus, Twitter and Reddit forums, saying they had also become victims of credit card fraud.

Many of the customers claimed that their credit cards had been compromised after they bought a new phone or some accessories directly from the OnePlus official website, indicating that the leak might have been through the company itself.

Cybersecurity firm Fidus also published a blog post detailing the alleged issue with the OnePlus website's on-site payment system. The firm suspected that the servers of the OnePlus website might have been compromised.

According to Fidus, OnePlus is currently conducting the transactions itself on-site, which means that all billing information along with all credit card details entered by its customers flow through the OnePlus official website and can be intercepted by attackers.

"Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted," Fidus wrote.

Fidus went on to clarify that their findings did not in any way confirm that the OnePlus website was breached; instead, they suggested the attacks might have come from the Magento eCommerce platform—which is used by OnePlus and is "a common platform in which credit card hacking takes place."

OnePlus has quickly responded to the issue on its forum, confirming that it does not store any credit card information on its website and all payment transactions are carried out through its PCI-DSS-compliant payment processing partner.

Only credit card-related information of users who have enabled the "save this card for future transactions" feature is stored on OnePlus' official servers, but even they are secured with a token mechanism.

"Our website is HTTPS encrypted, so it's very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit," a company staffer using the name 'Mingyu' wrote.

The Chinese smartphone maker also confirms that purchases involving third-party services like PayPal are not affected.

OnePlus does not reveal much information on the incident but confirms that its official website is not affected by any Magento vulnerability.

The company confirms that oneplus.net was indeed built on the Magento eCommerce platform, but said that since 2014 it has been entirely re-built using custom code, adding that "credit card payments were never implemented in Magento's payment module at all."

There are almost 100 claims of fraudulent credit card transactions on the OnePlus support forums. OnePlus announces a formal investigation into the matter, and advises affected users to contact their bank to reverse the payment.

General Motors has a Car Without a Steering Wheel on the Way

The New Year has just begun, but General Motors is already looking toward 2019, when it will take the next step for its self-driving cars. It plans to release the Cruise AV, a self-driving car without a steering wheel, pedals or any of the standard driver controls.

The news comes from a GM announcement about its safety petition to the US Department of Transportation for permission to put the Cruise AV on roads as early as next year.

GM acquired Cruise Automation in 2016, and since then Cruise has worked on its technology. Driverless vehicles powered by Cruise are already on the roads in California, Arizona and Michigan for testing, and these cars may soon be in New York City.

The big difference between the existing Cruise vehicles and the upcoming Cruise AV is that this new version, the fourth generation, will be the first production-ready model purpose-built to drive itself.

GM envisions the Cruise AV reducing traffic accidents, giving back the time riders spend stuck in traffic, offering greater mobility for elderly or physically impaired passengers and making the hunt for parking a thing of the past.

Assuming the DOT approves GM's safety petition, we could all be driving alongside robots next year.