Anyone who’s spent any time around the internet has probably heard of phishing emails, or those really strange messages that try to get you to click a link or reveal personal information about yourself, or may even go so far as to try to get you to make payments of some kind. They’re usually pretty far-fetched and the grammar is often laughable; thanks to those facets and to public awareness of the problem, most people can recognize a phishing attempt when they see one.

PhishingBut a new variation on phishing attempts is called spear phishing, and it’s a lot harder to recognize. Spear phishing, given that name because the scammer is targeting you specifically instead of just sending out random “shot in the dark” emails that someone will hopefully fall for, is a lot more likely to be successful if you let it. It works because scammers pay attention to your internet activity and send you requests that look like the real thing, claiming to be from companies you actually do business with.

How are you involved in this process? Scammers can pull off spear phishing attempts based on the information that you share about yourself, as well as other internet behaviors like using the same password for multiple websites. When you post updates to social media, especially about accounts, companies you do business with, purchases you’ve made, and more, you’re handing over vital information that a scammer can use to target you.

For example, clicking a Like button on a retailer’s website may send information to Facebook on your behalf. A new status update appears—one that was auto-generated when you clicked Like—that says, “I just Liked (insert name of retailer or commerce site here).” From that single post, a scammer can then send you an email using the address listed in your Facebook account, telling you that your account at that website has been activated and needs to be updated to complete the registration process. When you receive that email and click the link or enter the data, you just handed over the content a scammer needs to steal your identity. Moreover, when you enter that password on the fraudulent registration, if you’re like far too many internet users, you may have just given the scammer the password you use on other important websites.

You may have also seen status updates from individuals you know that say things like, “I just bought a Bob’s Camp Gear Royal Sierra Ten-Person Polynylon Tent on Amazon.” Why would your friends post something like that? They may not have meant to. Many retailers use this kind of one-click activity as a form of advertising, so when you make a purchase and inadvertently click the offered button, you just informed your social media connections of your purchase.

But guess what a scammer just saw? You’re going camping, and you have a business relationship with the folks at Bob’s Camp Gear.

Based on that one button you clicked, he can then target you with emails or social media messages that seek to gather information on you. Right off the bat, Bob’s Camp Gear would be a great company to pose as, since you just gave them your information and established an account. All a scammer has to do is say, “There’s a problem processing your order of a Royal Sierra Ten-Person Polynylon Tent.” He has the name of the product you ordered, the knowledge that you ordered it from Amazon, and even a link to the exact product you looked at, all of which was contained in that simple status update you made.

How do you avoid this kind of attack? Once again, it all comes down to oversharing. Make sure that the information you share and the posts you put up on social media websites—including the responses and conversations you have on friends’ social media posts, since you can’t be sure who is seeing those posts besides you—doesn’t contain specific details about you, your family, your shopping or financial activity, or more. Keep your internet posts limited to innocuous information, and don’t hand over your personally identifiable information by mistake to someone who could use it against you.

 

How aware of scams and data breaches are you? Take our survey, let us know: goo.gl/y8C3u5.

When the social media site Snapchat first appeared on the internet, it didn’t take long for its built-in appeal to become obvious to its hordes of mostly younger users. In essence, Snapchat worked by letting users send a “snap,” which was a message, video, or image that would completely disappear after a matter of seconds. Even the site’s developers have admitted that the appeal of the platform was its ability to let users send compromising content to their friends while enjoying the safety of knowing that the content couldn’t be stored or shared. This made the site an overnight success in terms of the increasingly popular practice of “sexting,” or sending nude images or suggestive texts to someone, knowing that the recipient couldn’t use the content in a malicious way.

What could possibly go wrong, right?

First, news broke earlier this year that Snapchat’s messages don’t actually disappear, they simply “expire.” This is to say that the cell phone carriers each user signs onto can still store the content on their servers. Users are not supposed to be able to access that content, but it’s far from gone. In fact, the platform settled in an agreement (pdf document) with the Federal Trade Commission over the site’s misrepresentation to users about the security of their content and the gathering of their personal data in user profiles.

But like an eerily similar hacking event akin to the celebrity nude photo leak that appeared on 4chan recently, a hacker recently accessed the stored content of an estimated 200,000 Snapchat users and announced the leak of as much as 13GB’s worth of pictures that users had sent through the platform. In an event being dubbed The Snappening, the hacker also claims that he’s produced a database of the images that will make them searchable and will link back to users’ identifying information.

Snapchat has insisted its website has not been hacked, but that isn’t the issue here. The problem is the use of third-party apps—which is a direct violation of Snapchat’s terms of service—that let users snag images and content and save it. One of these third-party apps, Snapsaved, has apparently been hacked and is the source of the illegally accessed content. Snapsaved has already issued a statement confirming the breach, but denies that the hacker should have been able to access the users’ personal information to create his database.

Given Snapchat’s popularity with young people and its reputation for being a discreet way to send nude and sexually suggestive images, it’s entirely possible that this breach and leak will result in child pornography charges, if the authorities can uncover and locate the hacker. Unfortunately, given the fact that 4chan operates as a no-rules, anonymous forum for this kind of activity, it’s equally likely that the culprit won’t be apprehended anytime soon, if ever.

The take away from this event is that internet users—even those so-called digital natives who have never lived in a world where the internet didn’t exist—have to get smarter about understanding how online behaviors actually impact the users, and need to remember the old maxim that nothing ever disappears from the internet. When the FTC took action against Snapchat for openly misrepresenting the functionality of the site, that should have been enough of a warning that the purpose of the site was not to be trusted to operate the way it claims, and hopefully this recent event will secure that in users’ minds.

It’s National Cyber Security Awareness Month, and this week’s theme is Secure Development of IT Products. What does that mean to consumers? It means working to protect technology and personal data through better standards for product design, and a better awareness of the behaviors that lead to a data breach. With news this year of several different vulnerabilities in operating systems and the breaches of several major corporations that leaked millions of consumers’ personal information each, it stands to reason that better IT protocols need to be put in place.

Apple took some of the first steps this year with the unveiling of its iPhone 6, spending a significant amount of time leveraging the security enhancements of the device and its Cloud backup system, a system that was recently breached and resulted in the sharing of dozens of celebrities’ personal photos. Other phone manufacturers have joined Apple in stating they will be putting security measures in place that will also decrease outsiders’ access to content customers store on the devices or in the cloud, including government officials and agencies.

But there are some factors that make IT security difficult, and they’re largely a consumer problem. According to some reports, not only has mobile traffic increased exponentially, there is still an awareness issue on the part of many mobile device users who simply don’t know the methods by which content can be hacked and accessed. If consumers don’t know how hackers are retrieving their content, how do they know if they’re making it all too easy for the bad guys?

Unfortunately, some of those behaviors have seen a rapid increase, such as buying jailbroken phones or jailbreaking devices themselves, downloading suspicious apps that contain malware, making financial transactions on mobile devices with unsecured, unvetted vendors, and more.

One of the chief dangers to personal information is the abundance of features that mobile device manufacturers are working to incorporate, all in an effort to entice customers to their brands. In the frenzied race to offer the shiniest or most capable device on the market, the door is left wide open for vulnerabilities and flaws in the system that can compromise millions of users’ safety.

With NCSAM in its second week, the focus is on ensuring that all of us—from consumers to developers to manufacturers—maintain safe mobile and connected behaviors and ensure that all of the products we use and rely on are as secure as possible. While the device developers are obviously the first step in producing a secure product, it falls to the individual user to make sure that nothing sensitive is put out there for hackers to harvest. By working together on IT security, we can prevent many of the large scale breaches that have already plagued 2014.

 

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

One of the touchiest subjects concerning the use of technology in any workplace has got to be the policies concerning social media use and private account use. With the rise in popularity of bring your own device initiatives, some managers and supervisors have wondered about the legality of blocking certain websites or issuing mandates against certain online behaviors in the workplace. But there are plenty of good reasons to have a cautious policy in place, and even better reasons to make sure that everyone is on board.

Part of the goal of National Cyber Security Awareness Month is to make sure that companies have sound antivirus and anti-malware software in place, but also that they’re protecting their networks through clear policies on workplace cyber safety.

The very first problem with internet policies in the workplace might be the way they’re presented. Instead of focusing on the need for protecting valuable equipment, keeping IT protocols secure, and protecting employee and customer data, too often these policies spread a different message: you’re a lazy employee who would play on Facebook all day if we weren’t watching you.

If there’s an employee in your company who would spend hours at a time engaging in personal use of social media while on the clock, you have a problem that an internet filter won’t solve. Block the social media sites, and it will be solitaire or Candy Crush instead. But creating an environment in the workplace that practically accuses the entire staff of being dishonest isn’t the approach you want to take, especially not when your technology and sensitive data are at stake.

Simply outlawing or blocking social media, YouTube, personal emails, and similar internet use obviously sends the wrong message throughout your company. It’s hurtful and a largely inaccurate description of your workforce. Unfortunately, that seems to be the tactic that too many bosses take with social media use, while ignoring the very real purposes that social media serves. Now that sites like Facebook are a significant part of our culture, schools and teachers send messages to their class groups through the site, companies send out one-day-only specials through their pages, even news outlets and law enforcement agencies send out important updates through messages posted to their walls. Simply stating that social media is forbidden on company time is not only degrading and disruptive, it can lead to “sneaking” behaviors.

Once someone discovers a way to go around an internet filter or uses his or her own device to access a site on the company’s network, then the real trouble can begin. That’s when antivirus software can be rendered ineffective, and when suspicious looking activity on work computers doesn’t get reported since the employee responsible would have to admit to violating the company policy.

Think this is a problem that only large companies face? Think again. The massive Target data breach that affected millions of the retailer’s customers last holiday season (and already has cost the corporation millions of dollars) has been linked back to a heating and air conditioning company that handled the HVAC repairs for a number of Target locations. An employee in that small business apparently opened a link in an email, therefore downloading malicious software to the HVAC company’s network. Once the connection between the HVAC and Target’s network was discovered, the software was then integrated into Target’s computers.

A far better company policy is one that understands the communication needs of employees, and acknowledges that the need to stay connected doesn’t stop just because an employee is on the clock. Explaining to your staff, “I understand social media is an important tool, so we ask that you limit your personal account use to breaks, during your lunch hour, or under extenuating circumstances,” will go a lot farther towards helping your staff feel valued and trusted; this can also carry over into the reporting of IT problems as they occur, instead of waiting for the servers to crash or a breach to happen, and the investigation into the causes. By educating your employees on the proper online behaviors and the allowable personal use times, you’ll foster a workplace that builds your staff up and lets them know they are valued team members, all while protecting your IT efforts and your data.

 

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

 

 

The Heartbleed security flaw from a few months ago may have put everyone on edge about internet security, and it’s a good thing it did. The response to the most recent bug has been a lot more low-key, possibly because we were all a little more prepared for it, even while it seems to have affected potentially more users than Heartbleed.

LaptopCalled the Shellshock, or Bash Bug for the way it operates within the Bash shell, this new issue was discovered on September 24th, and news quickly circulated of its potential for problem causing. Basically anything that a legitimate user of a Bash shell-enabled computer, server, or device can do, an attacker can also do remotely.

While the good news is that many average consumers don’t engage in all the behaviors that make Shellshock a true threat to their data, the bad news is that the vulnerability that made hacker access possible was specifically exploited to breach computers that are connected to a server. This means that businesses and corporations that store a lot of gathered data are the most at risk, putting consumers’ personally identifiable information in danger, too.

When the Shellshock or Bash Bug was first uncovered, the early estimates were that somewhere in the neighborhood of several hundred thousand servers were vulnerable, but some industry watchers are already saying that this number might be a little low. The real danger from this bug is that the hacker can have all of the same access that a legitimate user can have, and can therefore theoretically insert code or software into the system without calling attention to it, meaning the breach may go unnoticed indefinitely while hackers quietly access information from the server.

Much like Heartbleed, it’s thought that the Bash Bug has been in place for a long time and has simply been overlooked; it’s possible but unknown at this point if individuals have already exploited the bug sometime in the past and simply not said anything about it. Unlike Heartbleed, though, which is thought to have been in place for only a handful of years, some experts believe that Bash Bug vulnerability may have been in place for nearly twenty years.

The first step for individuals who are concerned about their privacy and security is to determine if their systems use the Bash shell, and then download the patch from their tech providers if they are affected. These patches are important for the protection of your system and your information. There are also handy guides from companies like Red Hat that will help you determine whether or not your computer or system has been affected.

The next step is to remember to use this as a wakeup call. Right now, experts believe Windows is not affected and that Mac and Linux users have the most to worry about, but that doesn’t mean it’s okay to disregard these warnings. Make sure you’re backing up important data and then removing it from your system, preferably by moving it to an external hard drive that does not stay connected to your computer when it’s not in use. Much like Heartbleed before it, Bash Bug can serve as a reminder that our technology is only as secure as we can make it, and that there are vulnerabilities in almost every system. Protect your content, your data, and your system through careful monitoring, and don’t wait until there’s a new bug to make sure you’re in the clear.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.

If you are a business owner or consumer, it’s time to mark your calendar for National Cyber Security Awareness Month to educate yourself, employees and your customers on the latest identity-theft and cybersecurity trends.

This cybersecurity effort offers tremendous resources to help you know more and better protect yourself and your business.

The full-month program was created collaboratively by the Department of Homeland Security in cooperation with the National Cyber Security Alliance to help consumers and businesses be safer and secure online.

Each week during October, National Cyber Security Awareness Month is providing a different cybersecurity theme. I advise that you engage each week or be sure to look into the topics that are most important to your business and you personally as a consumer.

Week 1: Oct. 1-3: Promotes online safety with the “Stop. Think. Connect.” campaign where cybersecurity is a shared responsibility and everyone can take a few simple steps to make the Internet more secure. This week will also highlight efforts related to Executive Order 13636 to strengthen the security and resilience of the nation’s critical infrastructure.

Week 2: Oct. 6-10: Highlights secure development of information-technology products, where building security into information technology products, including the phones, tablets and computers we use every day, is key to enhanced cybersecurity.

Week 3: Oct. 13-17: Highlights the importance of protecting critical infrastructure and properly securing all devices, including household items that are connected to the Internet.

Week 4: Oct. 20-24: Promotes cybersecurity for small- and medium-size businesses and entrepreneurs by showcasing what emerging and established businesses can do to protect their organizations, customers and employees.

Week 5: Oct. 27-31: Supports cybercrime and law enforcement by encouraging consumers and businesses to work with law enforcement to combat cybercrime and educate people on how to protect themselves from online crime.

One of the best aspects of National Cyber Security Awareness Month is that it involves a diverse group of participants, including students, parents, educators, young professionals, seniors and representatives of government, small and big businesses and law enforcement. Another great aspect is the focus on learning about cybercriminals and how they can use personal information to steal identities and access banking, shopping, social media and other personal accounts.

National Cyber Security Awareness Month also provides year-round tips on a number of related topics, including how to improve your password management; keeping your operating system, browser and other critical software optimized by installing updates; limiting the amount of personal information you post online; and using privacy settings to avoid sharing information widely.

Go to http://www.dhs.gov/national-cyber-security-awareness-month-2014 to learn more and see how your business can participate.

Mark’s most important: Learn all you can from October’s National Cyber Security Month or you might learn the hard way about the pain and cost of ID theft. Stop. Think. Connect. at http://www.dhs.gov/stopthinkconnect-get-informed.

 

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at markpribish@merchantsinfo.com.

This article was originally published on AZcentral.com and republished with the author’s permission.

If you’re like most people, you may not think much about cyber security until an incident or event causes you to have to revisit your personal data’s safety. But October is National Cyber Security Awareness Month, and this is a great time to put forth a little extra effort in making sure that you and your loved ones are as safe as possible and that your personally identifiable information is secure.

The theme of this year’s NCSAM is “Our Shared Responsibility,” as we all have a role to play in protecting our data and our privacy. Now celebrating its eleventh year as a joint effort between consumer-based industries and the US government, NCSAM is an awareness campaign that impacts every single citizen, even those who may not think they lead “internet lives.” Citizens who are less digitally connected than others are still impacted by cybercrime, as it’s a type of crime that takes a toll on our important infrastructures, our economy, and our national security.

So how do you get involved in this important event? The first step is as simple as informing yourself about the issues that all citizens face where cyber security is concerned. Make sure you’re keeping up with reputable news sources and industry watchers, such as through following their social media posts, to stay up-to-date on the current scams and fraudulent activities of cyber criminals.

It’s important to share the news about validated threats with people you know, too. Once you know about cyber security and its tips or threats, make sure you’re sharing that knowledge through your own internet activity. Share important updates on your social media pages, through your email, or through your own website or blog, if you have one.

At your job, you may have company policies that allow personal use of computers and wifi, but has your company considered the implications of having malicious software downloaded to its network by something as simple as an employee opening a link in a personal email? Have you approached anyone in your workplace about the need for greater cyber security awareness and training? If not, now is the time to point supervisors and policymakers to the NCSAM website for information, tips, and even printable materials for the workplace, courtesy of National Cyber Security Alliance.

Cyber security also has to be your focus at home, so it’s a good idea this month to conduct your own security checkup of your personal internet use. Are your accounts well protected with unique, strong passwords? Are you updating those passwords throughout the year to protect your accounts? Are your alerts set in place that will inform you via text or email of fraudulent activity in your online banking, credit cards, online payments systems, and more?

Cybersecurity can’t be something we think about only in October, but by adopting some best practices and safe behaviors now, we can develop habits that protect us all throughout the year. Use this campaign all month long to help establish safer internet use at home and at work.

Is your business prepared for the cost, liability and potential business interruption of a data breach? Your business being hit by ID-theft criminals is a frightening thought, but one you should consider. Thousands of small businesses experienced a data breach around the same time as Target was making headlines, according to a Department of Homeland Security report published in August.

The report from DHS, in partnership with the Secret Service and others, said the attacks were pervasive, with ID-theft criminals scanning computer networks of businesses for vendors or employees who had remote access. Hackers then were able to run programs to attain usernames and passwords for network access.

So what is a business cyber-risk, and why should you care? Cyber-risks include electronic and hard-copy information assets, computer networks, e-business applications, and a website and Internet presence. Cybercriminals really want and understand the value of the sensitive information companies commonly have on customers and employees, and they could care less about the financial, brand and other disastrous damage they inflict on the businesses they hit.

When any organization fails to prevent its information from being lost or stolen – known as a data breach event – that organization can be liable and/or legally responsible and may be required to send notification letters to affected individuals and provide them credit bureau monitoring in an attempt to detect financial ID theft.

Other cyber-risks include intrusions to steal trade secrets and cyberextortion, when a hacker threatens to steal or release confidential information unless the business pays the criminal.

What can you do about cyber risks for your organization? Consider cyberinsurance to help protect your business when you experience a data-breach event. Cyberinsurance reimburses for expenses such as notification costs, providing credit bureau monitoring, lost business, reputation, crisis management and the cost of restoring lost data. It can also cover accidental employee releases of confidential information or the commission of an unauthorized act.

Not all cyberinsurance is equal; different policies have different exclusions. Should you decide to get cyberinsurance, be sure to ask your broker about the coverage in general and specifically about the following list of common exclusions:

• Fraud and illegal activity.

• Unlawful collection of personal information.

• Spam or the distribution of unsolicited e-mails.

• Interruption of Internet access.

• Terrorism, as many cyberattacks originate in foreign countries.

• Undetected policy language in the court of law.

In addition, DHS recommends that companies limit the number of vendors with company network access and require more complex passwords for vendors and employees.

Small-business owners, please note: Your business is a target, and recent statistics show that 31 percent of data breaches were organizations with 100 employees or less.

Mark’s Most Important: Cyberinsurance may be a good option to help your business minimize today’s cyber-risks. Work with your insurance broker to determine your cyber-risks and the best coverage for your organization.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at markpribish@merchantsinfo.com.

This article was originally published on AZcentral.com and republished with the author’s permission.

Newer cars, USB drives and in-flight Internet are among the looming dangers cited for information and physical security at the recent 17th annual Black Hat Conference. It’s the world’s premier global information security event and one I follow closely.

Black Hat Conference security experts want you to know that cybercriminals will continue to be a dangerous threat as they steal our personally identifiable information to open accounts fraudulently, use medical services, or break into our homes and more.

Because the Black Hat Conference includes top experts, law enforcement and even reformed hackers, the quality and timeliness of presentations are remarkable on topics such as information security, identity theft, personal privacy, hacking, malware, and reverse engineering. The goal is to reveal and discuss new threats and research in the field of cybersecurity.

Among the most-talked-about topics:

• How secure is your automobile? Today’s autos use numerous on-board computers that control a variety of functions such as your acceleration, Bluetooth, braking, global positioning system and steering. Security experts at the conference showed how today’s car has the potential to be hacked. Examples include cybercriminals remotely hacking into your car and eavesdropping on your private conversations. In some cases, hackers could affect and control your global positioning system, keyless entry, steering wheel and brakes.

• How about the USB drives that we all use? Security experts identified a new threat, named BadUSB, that “could infiltrate your network using common USB devices” and with an attack approach, “affect just about everything USB-related, including your computer with USB ports.”

• Home security systems and hotel doors can be remotely hacked into from across the street — or thousands of miles away.

• Another potential vulnerability cited in a presentation is how commercial airlines and their wireless Internet and entertainment systems can be compromised. However, the researcher acknowledged that the opportunities and risks are very low at this time.

We need to be aware that cybercriminals no longer spend their time and focus on financial institutions as the only lucrative target. Any organization, from a small business to global conglomerates or nonprofits — including health care, social media, transportation, and utilities — are new and emerging targets if they are connected to the Internet.

While the annual Black Hat conference is a great source of education in assessing current and future information security threats and risks, consumers and businesses should not greet the knowledge with fear. I recommend that you take this knowledge to fuel a heightened awareness with today’s technology and be prepared to prevent and protect for future ID-related security issues.

Mark’s most important: The world’s top cyber experts are doing all they can to stop the rate of ID theft, but each of us must do our part to know what the ever-changing threats are and how we can reduce them.

What’s your biggest ID theft fear? Send a brief e-mail describing what your top ID theft concerns are and why. Answers will be given in future columns.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at markpribish@merchantsinfo.com.

This article was originally published on AZcentral.com and republished with the author’s permission.

The news headlines are filled with reports of hacking, data breaches, cybercrimes, and identity theft, and it feels like criminals find new ways to take advantage of any flaws in our technology every day. But there is a way to leverage how technology works, specifically social media accounts, in order to help protect your loved ones.

With the advent of social media and the abundance of platforms that let users semi-anonymously connect with strangers, parents have become very concerned about their children’s online activity. There is an increasing awareness of so-called cyberbullying, for example, or incidents that occur when a user is targeted by others through social media. There are also valid concerns about inappropriate content being shared, or that individuals with harmful motives may prey on children who use the internet.

A note on cyberbullying and online predators: too often, the victims don’t speak up for fear that reporting it to parents or school officials will just make it escalate. They feel powerless to stop something that is already spreading across the internet and are afraid that adult intervention will make it worse. Sadly, victims of cyberbullying have even resorted to suicide, and in some cases, their parents didn’t even know there was a problem. Only after that fact have outsiders told the parents what was happening, and even shown the parents some of the horrible posts on social media that targeted their children. Cases like that of Megan Meier have brought national attention to a situation that many parents were unaware of.

Now, app developers are introducing new tools that can help parents protect their children while still giving them the space to use social media platforms. These apps, many of which function by sending the parents text messages or alerts whenever certain keywords appear on their kids’ social media pages, can help parents feel like they’re intervening to prevent problems before they arise.

Keyword alerts can let parents know if their children are sending or receiving messages through texting or through sites like Facebook, Twitter, Instagram, and others that contain pre-determined words or phrases. These keywords can include racial slurs, sexual terms or innuendoes, profanity, or more. The apps often allow parents to set up blocks based on categories and by age of the child in question. These alerts then let parents know—in order to erase or block—messages that are either in print or image form. Some of the apps require the parents to know their children’s social media user names and passwords in order to quietly monitor their children’s activity, while others are designed for the parents to work with their kids to setup master lists, categories, and controls.

Critics of this type of app have stated that this amounts to nothing more than spying, which is something we as adults would never tolerate if we were the ones being watched. And ideally, there should be open communication and awareness of internet use and strict adherence to family rules about how these platforms will be used. But for parents who have reason to need this type of safeguard to protect their children’s physical safety, there are tools available through most mobile app stores.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.