How Hackers Could Use Virtual Schooling to Steal Your Information

If you’re a parent, you’re well aware of just how many challenges virtual schooling presents. It’s incredibly stressful to get your kids to pay attention in their “classrooms,” as well as exhausting to juggle your work schedule with their school schedule. Well, now there’s another thing you need to worry about: hackers.

As more school districts rely on remote learning, they’re increasingly becoming targets for cybercriminals. After all, they are treasure troves of information—their computers are filled with the confidential personal details of every family in the district—and with only a Social Security number, cybercriminals can swipe someone’s personal identity. Even more alarming, child identity theft is on the rise and can negatively impact your kids in the future. Here’s what you need to know to protect your family’s personal information—and what you need to do if your school district is hacked.

Why hackers are targeting school districts

The bottom line: It’s a good opportunity for bad people, since the pandemic has further stressed already-stressed school resources. “Our IT departments are having to do 100 things and get that done yesterday,” Toni Clay, a spokesperson for the Athens Independent School District in East Texas, told Pew Trusts. “New software, issuing new devices, installing cameras, helping out families and staff having trouble getting the technology to work for them. That already is a tremendous amount of strain on the infrastructure of a school district. It makes us targets for people who care nothing at all about the impact this type of destruction has on our communities.”

And because criminals see schools as easy targets, they’re upping their game with ransomware. After employing this encrypted malware that infiltrates a server or database, hackers demand ransom in exchange for retrieving the personal information or even accessing the platforms themselves. According to Doug Levin, a cybersecurity expert who created the K-12 Cybersecurity Research Center, this was a problem even before COVID-19, with ransomware attacks increasing from 11 incidents in 2018 to 62 in 2019. Now, experts are concerned that these numbers will rise even further and that the blackmail will be even more exorbitant. For example, cybercriminals used to demand a few thousand dollars, but they’re now asking for an average of $150,000 to $250,000. Since early September, at least four school districts have had information stolen and then published online.

A more subtle but equally important threat

Believe it or not, your email address is actually a hacker’s primary method of attaining your personal information, something that can be easily accessed through a school hack. That’s why you need to be on the lookout for phishing emails. These emails appear to be from a legitimate company you’re familiar with—like your bank, credit card company, an online store, or, yes, a school—but are actually from a hacker. According to the Federal Trade Commission, these emails often “tell a story to trick you into clicking on a link or opening an attachment.” If you receive an email asking you to update your account, change your password, or make a payment, do a little digging first and contact the company directly to make sure that it is indeed legit. FYI, here are some of the alarming things a hacker can do when they have your email address.

What a criminal can do with a Social Security number

So, why should parents be concerned if their child’s Social Security number is exposed? According to the Federal Trade Commission, “a child’s Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live.” In fact, criminals specifically seek out kids’ and teens’ information because fewer people suspect that their information will be stolen, which means it can go unnoticed for years—usually until they’re adults and attempt to open a credit card. This is just one of the reasons we should avoid using a social security number when possible.

To make matters more complicated, a criminal doesn’t even need the child’s address or real birth date to fabricate a new identity. “One of the increasingly common methods of using children’s stolen credentials is to grab a Social Security number and combine it with a fake name, address, phone number, and more,” explains the Identity Theft Resource Center. “Known as ‘synthetic identity theft,’ the thief isn’t using the child’s complete identity, but rather has created a whole new person with this information. That makes it a little harder for victims and law enforcement to notice the problem in the first place or take action after the fact.”

How parents can protect their kids

While this all seems pretty dire, the good news is that parents can take actionable steps to minimize the risk of personal information getting in the wrong hands. According to the Identity Theft Resource Center, the most important thing is to be aware of this problem and actively monitor your children’s accounts to look for signs of identity theft. Anyone over the age of 14 can request a credit report to check on this; for children under that age, an adult has to prove their relationship to the child in order to access this information. The Resource Center adds: “Preventive measures are fundamental because once a thief has stolen your child’s identity, it can be almost impossible to rectify the situation.”

Plus, although you can’t prevent a cyberattack on a school, you can be vigilant regarding phishing emails, frequently change passwords on all your family accounts, and have conversations with your kids about being cautious online themselves. These are the 12 password mistakes hackers hope you’ll make.

What to do if your information has been exposed

If your information or child’s information has been leaked or you’re concerned that it has, don’t delay. If the potential hack involves a Social Security number, credit card, or bank account number, go to IdentityTheft.gov and report the issue. Depending on what information has been stolen, you may also need to enact a credit freeze, shut down certain accounts, and more. Plus, the sooner the authorities are alerted, the better. The Department of Education has also created a list of resources for parents and guardians to keep their family’s personal data safe, including information on safe web browsing, privacy settings, and information your kids and teens shouldn’t post online. To protect yourself even more, learn these secrets from people who never get hacked.

Sources:

• Pew Trusts: “Cybercriminals Strike Schools Amid Pandemic”
• University Business: “4 COVID-era cybersecurity threats CISOs are confronting”
• FTC: “How to Recognize and Avoid Phishing Scams”
• ID Theft Resource Center: “One Million Kids Were Victims of ID Theft Last Year”
• FTC: “Protecting Your Child’s Privacy Online”
• Readiness and Emergency Management for Schools: “Cyber Safety Quick Links for Protecting Youth”

AleksSafronov/Shutterstock

Clear Signs You're About to Be Hacked

Shutterstock/seewhatmitchsee

Things You Didn't Know Could Be Hacked

Jacob Lund/Shutterstock

Red Flags Someone Is Spying on Your Phone