Skip to main content
European Union flag
Log in
Community Message
Membership to the Community Portal is only available to Community members.
Select Accept to continue to the Login page.

Online abuse – get help, report it!

Contact a helpline

Cybersecurity

Knowing how to protect your data, accounts and devices from attack by cyber criminals is a vital skill for everyone. Learn more about how to be cybersecure.

A key skill needed by both children and adults online is cybersecurity: protecting your devices, online accounts and personal data from unauthorised access. It is important for you to know how to protect yourself as individual, and many of the steps you can take can also be taught to your child to encourage them to be cybersecure, even from a young age.

This deep dive will explore cybersecurity strategies that are useful for all family members, as well as some of the most common forms of cybercrime that you or your child may encounter online, specifically online scams such as phishing, and the use of malware.

Why is cybersecurity important?

Internet connected devices (such as smartphones, games consoles and computers) are a common part of modern life for many families. Depending on your family’s approach to using technology, there may be a range of devices that are used to access online services. Your child may also have their own devices and their own accounts, including social media, email and gaming accounts.

The personal data stored in online accounts and devices is valuable to criminals, particularly data related to accessing finances or possessions.

Getting into positive habits around privacy and security is important for everyone in your family to help avoid becoming the victims of cybercrime. It is also useful to learn how to spot common attempts online by criminals to steal personal data, possessions or money – the more aware you are, the easier it is to spot when a cybercriminal is trying to trick you or your family online.

What is cybercrime?

There are two main types of cybercrime:

  • cyber-enabled crime – traditional crimes that can be enhanced by technology (for example, child sexual exploitation, blackmail, fraud, extortion and drug smuggling).
  • cyber-dependent crime – crimes that can only occur through the use of the internet and technology (for example, hacking, cyberespionage, data theft, and malware).

This deep dive will mainly focus on the ways that you and your family can protect yourself from cyber-dependent crime, although many of these strategies can also help reduce the risk of other crimes such as fraud, identity theft or extortion.

What are the motives behind cybercrime?

Your personal data is valuable to online companies but also to cybercriminals. With enough personal data, a cybercriminal could:

  • Access your online accounts that enable them to collect/steal more personal data.
  • Sell personal data (such as credit card details, account passwords, etc.) to other criminals online.
  • Impersonate you – either to commit fraud or to commit acts that might damage your reputation, well-being or safety.
  • Hijack your accounts/devices to use in other crimes, such as using them as part of a coordinated attack alongside other hacked accounts/devices to take down a website. This is often referred to as a ‘botnet’.
What types of scams are there online?

Thanks to the wide variety of online services, online scams can take many different forms:

Romance scamsBuilding a romantic relationship and trust in order to request large sums of money from you.
‘Get rich quick’ schemes Scams promising a quick return on a small investment but are designed purely to take your money.
Impersonation on social media Setting up a fake account that impersonates you in order to add your friends and obtain their personal data.
Fake shopping sites/productsSelling fake products or services in order to take your money. You end up receiving no product in return or a product of much lesser value than advertised.
PhishingEmails pretending to be from a genuine service (like Netflix or a bank) encouraging you to click a link to confirm your account details and enter personal data such as usernames and passwords.
Unexpected prizes/competition winsPromises of a prize in return for a small payment or sharing of personal data.
Fake investment offersScams promising a large return on an investment or seeking to pass money through your bank account and pay you a percentage as a reward (also known as ‘money muling’, a form of money laundering).
ExtortionThreatening you with physical or reputational harm unless you comply with the scammer’s demands or pay them to go away. Sextortion scams involve scammers claiming they have intimate images of someone and will release them into the public domain unless paid not to. Many sextortion scams target young men and boys.
Tech support scamsUnexpected contact from a tech support line or company offering to take control of your device to fix a problem. Once they have control, they install malicious software (malware) or steal personal data.
MalwareDisguising a virus as a genuine file, software or app to encourage you to install or download it onto a device. Some software (like keyloggers) allows a criminal to record all actions on a device, including keys pressed on a keyboard when inputting details such as passwords.
RansomwareMalware that encrypts (locks down) all files on a device and will only unlock those files when a ransom is paid. As the encryption is often very strong, victims are faced with the choice of paying the ransom or losing their data forever.

Regardless of the type, the motive is always the same – to trick an online user into giving away personal data or other information in order for a scammer to defraud them or take advantage of another person, usually for financial gain.

Activity:

Consider the following scams and how likely they might be to affect your child.

Type of scamHow likely is it to affect your child?
Romance scams 
Get rich quick schemes 
Impersonation 
Fake shopping 
Phishing 
Unexpected prizes 
Fake investments 
Extortion 
Tech support scams 
Malware 
Ransomware 
Highly unlikelyUnlikelyLikelyHighly likely
What is phishing?

Phishing is a common technique used by cybercriminals to trick users into revealing their personal data by pretending to be popular online products and services. The most common form of phishing is an email that appears to be from a trusted source such as your bank or an online service you use (such as Netflix) asking you to confirm or update your account details. These emails always include a link to a fake webpage - it looks like the genuine site but is designed to steal any personal data entered (like usernames and passwords). Criminals can then use your details to gain access to your real account. This can also occur through SMS messages on mobile devices – commonly referred to as ‘smishing’.

Young people can also be targeted by online scams; the Phishers’ Favorites report found that many of the top 20 impersonated brands online are ones popular with children and young people (such as Facebook, Microsoft, Google, WhatsApp, Netflix, Apple and Instagram).

Here are five things that can help you spot a phishing email:

  1. Sent from a public email domain – a message from a large genuine company (like Disney+ or TikTok) will never be sent from an email address such as @gmail.com or @outlook.com.
  2. Misspelt domain name – if the email domain is misspelt, or the website it links to contains a misspelt web address then these could also be clues that they are not genuine. Some scammers will buy up misspelt web address that closely mimic genuine ones e.g. www.göögle.com as this can easily fool people who might glance at the address rather than studying it in detail.
  3. Poor grammar or spelling – these can be indications that the email isn’t genuine. However, artificial intelligence tools are making it easier for cybercriminals to translate from their native language into other languages with a high degree of accuracy.
  4. Suspicious attachments or links – emails containing attachments (often shown by a paperclip symbol) or you to click on a link may be hiding a piece of malicious software (malware). Files can easily be renamed to something that might tempt you to open it e.g. ‘invoice.pdf’.
  5. A sense of urgency – emails that prompt you to take immediate action, such as an urgent email from your boss asking you to send information, or a message that appears to be from an online service threatening to suspend your account, could be phishing attempts. Rushing you into taking action gives you less opportunity to examine the email closely and spot any clues that might give it away as fake.
What is malware?
Meme with scene from the film "Finding neverland" featuring an adult and a child on a bench talking. "And then it said... your computer is infected" and the adult consoles the upset child.

Malware is malicious software that is disguised as a file, software or app to trick a user into opening, downloading or installing it onto their device. 

This article summarises the different types of malware that can be used to acquire personal data from others, but they typically include adwares, botnets, keyloggers, cryptocurrency miners, ransomwares, rootkits, spywares, trojans, viruses and worms.

One form of malware that presents risks to individuals but also to organisations (including schools) is ransomware, which infects a device, encrypts (locks) the files and sends a ransom message to the user.

Law enforcement advise that you should never pay the ransom to a cybercriminal – there is no guarantee they will return control of your files or never return in the future to extort more money. 

Ransomware is a crime and should be reported to local law enforcement – The No More Ransom project site contains details of who to report to in your country, as well as details of free decryption tools that exist for certain malware types, so that users can attempt to unlock their files rather than lose them forever.

One of the most effective ways to protect your data is to ensure that you use strong and memorable passwords on every online account and use a different password for each one.

The best passwords are based on three or four random words. There are a number of ways you can do this – you could use a random word generator, use a strategy like Diceware, or even make your own password dice to generate unique passwords, using the ‘Making Strong Passphrases’ activity on the School of Social Networks – a great activity to do with your child!

This chart (originally developed by Hive Systems) demonstrates why longer passwords are stronger:

Source: Hive Systems
Number of charactersNumbers onlyLowercase lettersUpper and lowercase lettersNumbers, upper and lowercase lettersNumbers, upper and lowercase letters, symbols
4InstantlyInstantly3 secs6 secs9 secs
5Instantly4 secs2 mins6 mins10 mins
6Instantly2 mins2 hours6 hours12 hours
74 secs50 mins4 days2 weeks1 month
837 secs22 hours8 months3 years7 years
96 mins3 weeks33 years161 years479 years
101 hour2 years1k years9k years33k years
1110 hours44 years89k years618k years2m years
124 days1k years4m years38m years164m years
131 month29k years241m years2bn years11bn years
141 year766k years12bn years147bn years805bn years
1512 years19m years652bn years9tn years56tn years
16119 years517m years33tn years566tn years3qd years
171k years13bn years1qd years35qd years276qd years
1811k years350bn years91qd years2qn years19qn years

However, trying to remember dozens of passwords is still tricky! So using a password manager app on your device to store all your log in details can make life easier. You can then secure the app with a strong memorable password – now you only have to remember one password in order to access all your passwords! (Be sure to keep this password secret!)

It is also recommended to use a strong password for your email accounts. If a cybercriminal can guess your email password, they can use your account to reset the passwords on all the services you have used it to sign up for.

What other cybersecurity strategies are important?

The following are strategies that all users (child or adult) can benefit from to strengthen their online security and reduce the chances of personal data or accounts being stolen or hacked:

Use 2-Step Verification – This is also known as ‘two step authentication’, or ‘two-factor authentication’ or ‘multi-factor authentication’. It can be switched on in many online accounts for apps and games. This means that every time you log in (especially from a new device or location), the app/game will send you a code via text message or email. You must enter that code in order to finish logging in.  This feature is very useful because it can let you know when someone has used your password to try to log in to your account. Without the special code, they can’t get into your account. If you receive one of these codes but haven’t tried to log in, then you know that someone else has, and that they know your password. If this happens, it’s extremely important to log in to the account as soon as possible and change your password. Where possible, it’s a good idea to turn this feature on for your accounts and encourage your child to do the same for theirs. 
Keep software and devices up to date - Criminals are quick to exploit vulnerabilities in software and technology. Always ensure that you keep your family’s devices’ operating systems and your anti-virus and firewall software updated, as well as update software/apps whenever prompted by your devices. 
Check for data breaches - You can enter your email address on the website ‘HaveIbeenpwned?’ to see if it has been involved in any data breaches. It will display a list of which sites/services were affected and when. Although there is little you can do about the personal data released publicly, you can go to your accounts on those affected sites and change your passwords so no one will be able to gain access to them. Encourage your learners to do the same.
Be wary – Look out for unexpected or suspicious messages, and never rush into providing personal data to a website. Always use a trusted method for logging in and accessing your accounts rather than clicking a link in an email or message.
Further information and resources

Educational resources from across the Insafe network of Safer Internet Centres. You can search for ‘cyber security’ or ‘data privacy’, for resources in your language and for resources for different age groups.

Better Internet for Kids resources directory

Lots of accessible advice for the public on how to protect personal data online and avoid scams and other cybercrime.

Europol’s public awareness and prevention guides

Europol’s site has links to national reporting websites for European countries.

Report cybercrime online

This guide provides useful advice on how to strengthen account security, including 2-Step Verification.

Google's Safety Centre

This resource for primary-aged children, teachers and parents/carers provides information and advice on a range of online issues, including privacy and security. There are accompanying activities that teachers can use in the classroom and parents can use at home.

School of Social Networks

Taking place each October, this campaign site contains a range of cybersecurity resources from different countries that can help promote positive cybersecure habits.

European Cyber Security Month (ECSM)
Knowing how to protect your data, accounts and devices from attack by cyber criminals is a vital skill for everyone. Learn more about how to be cybersecure.

A key skill needed by both children and adults online is cybersecurity: protecting your devices, online accounts and personal data from unauthorised access. It is important for you to know how to protect yourself as individual, and many of the steps you can take can also be taught to your child to encourage them to be cybersecure, even from a young age.

This deep dive will explore cybersecurity strategies that are useful for all family members, as well as some of the most common forms of cybercrime that you or your child may encounter online, specifically online scams such as phishing, and the use of malware.

Why is cybersecurity important?

Internet connected devices (such as smartphones, games consoles and computers) are a common part of modern life for many families. Depending on your family’s approach to using technology, there may be a range of devices that are used to access online services. Your child may also have their own devices and their own accounts, including social media, email and gaming accounts.

The personal data stored in online accounts and devices is valuable to criminals, particularly data related to accessing finances or possessions.

Getting into positive habits around privacy and security is important for everyone in your family to help avoid becoming the victims of cybercrime. It is also useful to learn how to spot common attempts online by criminals to steal personal data, possessions or money – the more aware you are, the easier it is to spot when a cybercriminal is trying to trick you or your family online.

What is cybercrime?

There are two main types of cybercrime:

  • cyber-enabled crime – traditional crimes that can be enhanced by technology (for example, child sexual exploitation, blackmail, fraud, extortion and drug smuggling).
  • cyber-dependent crime – crimes that can only occur through the use of the internet and technology (for example, hacking, cyberespionage, data theft, and malware).

This deep dive will mainly focus on the ways that you and your family can protect yourself from cyber-dependent crime, although many of these strategies can also help reduce the risk of other crimes such as fraud, identity theft or extortion.

What are the motives behind cybercrime?

Your personal data is valuable to online companies but also to cybercriminals. With enough personal data, a cybercriminal could:

  • Access your online accounts that enable them to collect/steal more personal data.
  • Sell personal data (such as credit card details, account passwords, etc.) to other criminals online.
  • Impersonate you – either to commit fraud or to commit acts that might damage your reputation, well-being or safety.
  • Hijack your accounts/devices to use in other crimes, such as using them as part of a coordinated attack alongside other hacked accounts/devices to take down a website. This is often referred to as a ‘botnet’.
What types of scams are there online?

Thanks to the wide variety of online services, online scams can take many different forms:

Romance scamsBuilding a romantic relationship and trust in order to request large sums of money from you.
‘Get rich quick’ schemes Scams promising a quick return on a small investment but are designed purely to take your money.
Impersonation on social media Setting up a fake account that impersonates you in order to add your friends and obtain their personal data.
Fake shopping sites/productsSelling fake products or services in order to take your money. You end up receiving no product in return or a product of much lesser value than advertised.
PhishingEmails pretending to be from a genuine service (like Netflix or a bank) encouraging you to click a link to confirm your account details and enter personal data such as usernames and passwords.
Unexpected prizes/competition winsPromises of a prize in return for a small payment or sharing of personal data.
Fake investment offersScams promising a large return on an investment or seeking to pass money through your bank account and pay you a percentage as a reward (also known as ‘money muling’, a form of money laundering).
ExtortionThreatening you with physical or reputational harm unless you comply with the scammer’s demands or pay them to go away. Sextortion scams involve scammers claiming they have intimate images of someone and will release them into the public domain unless paid not to. Many sextortion scams target young men and boys.
Tech support scamsUnexpected contact from a tech support line or company offering to take control of your device to fix a problem. Once they have control, they install malicious software (malware) or steal personal data.
MalwareDisguising a virus as a genuine file, software or app to encourage you to install or download it onto a device. Some software (like keyloggers) allows a criminal to record all actions on a device, including keys pressed on a keyboard when inputting details such as passwords.
RansomwareMalware that encrypts (locks down) all files on a device and will only unlock those files when a ransom is paid. As the encryption is often very strong, victims are faced with the choice of paying the ransom or losing their data forever.

Regardless of the type, the motive is always the same – to trick an online user into giving away personal data or other information in order for a scammer to defraud them or take advantage of another person, usually for financial gain.

Activity:

Consider the following scams and how likely they might be to affect your child.

Type of scamHow likely is it to affect your child?
Romance scams 
Get rich quick schemes 
Impersonation 
Fake shopping 
Phishing 
Unexpected prizes 
Fake investments 
Extortion 
Tech support scams 
Malware 
Ransomware 
Highly unlikelyUnlikelyLikelyHighly likely
What is phishing?

Phishing is a common technique used by cybercriminals to trick users into revealing their personal data by pretending to be popular online products and services. The most common form of phishing is an email that appears to be from a trusted source such as your bank or an online service you use (such as Netflix) asking you to confirm or update your account details. These emails always include a link to a fake webpage - it looks like the genuine site but is designed to steal any personal data entered (like usernames and passwords). Criminals can then use your details to gain access to your real account. This can also occur through SMS messages on mobile devices – commonly referred to as ‘smishing’.

Young people can also be targeted by online scams; the Phishers’ Favorites report found that many of the top 20 impersonated brands online are ones popular with children and young people (such as Facebook, Microsoft, Google, WhatsApp, Netflix, Apple and Instagram).

Here are five things that can help you spot a phishing email:

  1. Sent from a public email domain – a message from a large genuine company (like Disney+ or TikTok) will never be sent from an email address such as @gmail.com or @outlook.com.
  2. Misspelt domain name – if the email domain is misspelt, or the website it links to contains a misspelt web address then these could also be clues that they are not genuine. Some scammers will buy up misspelt web address that closely mimic genuine ones e.g. www.göögle.com as this can easily fool people who might glance at the address rather than studying it in detail.
  3. Poor grammar or spelling – these can be indications that the email isn’t genuine. However, artificial intelligence tools are making it easier for cybercriminals to translate from their native language into other languages with a high degree of accuracy.
  4. Suspicious attachments or links – emails containing attachments (often shown by a paperclip symbol) or you to click on a link may be hiding a piece of malicious software (malware). Files can easily be renamed to something that might tempt you to open it e.g. ‘invoice.pdf’.
  5. A sense of urgency – emails that prompt you to take immediate action, such as an urgent email from your boss asking you to send information, or a message that appears to be from an online service threatening to suspend your account, could be phishing attempts. Rushing you into taking action gives you less opportunity to examine the email closely and spot any clues that might give it away as fake.
What is malware?
Meme with scene from the film "Finding neverland" featuring an adult and a child on a bench talking. "And then it said... your computer is infected" and the adult consoles the upset child.

Malware is malicious software that is disguised as a file, software or app to trick a user into opening, downloading or installing it onto their device. 

This article summarises the different types of malware that can be used to acquire personal data from others, but they typically include adwares, botnets, keyloggers, cryptocurrency miners, ransomwares, rootkits, spywares, trojans, viruses and worms.

One form of malware that presents risks to individuals but also to organisations (including schools) is ransomware, which infects a device, encrypts (locks) the files and sends a ransom message to the user.

Law enforcement advise that you should never pay the ransom to a cybercriminal – there is no guarantee they will return control of your files or never return in the future to extort more money. 

Ransomware is a crime and should be reported to local law enforcement – The No More Ransom project site contains details of who to report to in your country, as well as details of free decryption tools that exist for certain malware types, so that users can attempt to unlock their files rather than lose them forever.

One of the most effective ways to protect your data is to ensure that you use strong and memorable passwords on every online account and use a different password for each one.

The best passwords are based on three or four random words. There are a number of ways you can do this – you could use a random word generator, use a strategy like Diceware, or even make your own password dice to generate unique passwords, using the ‘Making Strong Passphrases’ activity on the School of Social Networks – a great activity to do with your child!

This chart (originally developed by Hive Systems) demonstrates why longer passwords are stronger:

Source: Hive Systems
Number of charactersNumbers onlyLowercase lettersUpper and lowercase lettersNumbers, upper and lowercase lettersNumbers, upper and lowercase letters, symbols
4InstantlyInstantly3 secs6 secs9 secs
5Instantly4 secs2 mins6 mins10 mins
6Instantly2 mins2 hours6 hours12 hours
74 secs50 mins4 days2 weeks1 month
837 secs22 hours8 months3 years7 years
96 mins3 weeks33 years161 years479 years
101 hour2 years1k years9k years33k years
1110 hours44 years89k years618k years2m years
124 days1k years4m years38m years164m years
131 month29k years241m years2bn years11bn years
141 year766k years12bn years147bn years805bn years
1512 years19m years652bn years9tn years56tn years
16119 years517m years33tn years566tn years3qd years
171k years13bn years1qd years35qd years276qd years
1811k years350bn years91qd years2qn years19qn years

However, trying to remember dozens of passwords is still tricky! So using a password manager app on your device to store all your log in details can make life easier. You can then secure the app with a strong memorable password – now you only have to remember one password in order to access all your passwords! (Be sure to keep this password secret!)

It is also recommended to use a strong password for your email accounts. If a cybercriminal can guess your email password, they can use your account to reset the passwords on all the services you have used it to sign up for.

What other cybersecurity strategies are important?

The following are strategies that all users (child or adult) can benefit from to strengthen their online security and reduce the chances of personal data or accounts being stolen or hacked:

Use 2-Step Verification – This is also known as ‘two step authentication’, or ‘two-factor authentication’ or ‘multi-factor authentication’. It can be switched on in many online accounts for apps and games. This means that every time you log in (especially from a new device or location), the app/game will send you a code via text message or email. You must enter that code in order to finish logging in.  This feature is very useful because it can let you know when someone has used your password to try to log in to your account. Without the special code, they can’t get into your account. If you receive one of these codes but haven’t tried to log in, then you know that someone else has, and that they know your password. If this happens, it’s extremely important to log in to the account as soon as possible and change your password. Where possible, it’s a good idea to turn this feature on for your accounts and encourage your child to do the same for theirs. 
Keep software and devices up to date - Criminals are quick to exploit vulnerabilities in software and technology. Always ensure that you keep your family’s devices’ operating systems and your anti-virus and firewall software updated, as well as update software/apps whenever prompted by your devices. 
Check for data breaches - You can enter your email address on the website ‘HaveIbeenpwned?’ to see if it has been involved in any data breaches. It will display a list of which sites/services were affected and when. Although there is little you can do about the personal data released publicly, you can go to your accounts on those affected sites and change your passwords so no one will be able to gain access to them. Encourage your learners to do the same.
Be wary – Look out for unexpected or suspicious messages, and never rush into providing personal data to a website. Always use a trusted method for logging in and accessing your accounts rather than clicking a link in an email or message.
Further information and resources

Educational resources from across the Insafe network of Safer Internet Centres. You can search for ‘cyber security’ or ‘data privacy’, for resources in your language and for resources for different age groups.

Better Internet for Kids resources directory

Lots of accessible advice for the public on how to protect personal data online and avoid scams and other cybercrime.

Europol’s public awareness and prevention guides

Europol’s site has links to national reporting websites for European countries.

Report cybercrime online

This guide provides useful advice on how to strengthen account security, including 2-Step Verification.

Google's Safety Centre

This resource for primary-aged children, teachers and parents/carers provides information and advice on a range of online issues, including privacy and security. There are accompanying activities that teachers can use in the classroom and parents can use at home.

School of Social Networks

Taking place each October, this campaign site contains a range of cybersecurity resources from different countries that can help promote positive cybersecure habits.

European Cyber Security Month (ECSM)
© BIK
© BIK
Stay informed

Read the quarterly Better Internet for Kids bulletin for all the latest news.