72 Cyber Safety Tips
for Kids & Families

🔒 passwords

A pet name, birthday, or "1234" at the end of your password gives hackers a massive head start

A pet name, birthday, or "1234" at the end of your password gives hackers a massive head start. Most password-cracking tools try these common patterns within the first few seconds. The fix is simple: make your password at least 12 characters long, and mix in uppercase letters, numbers, and symbols. Better yet, use a password manager to generate and store truly random passwords — then you only have to remember one master password.

Tip #1 →

🔒 passwords

Reusing the same password across multiple accounts is like using the same key for your house, car, a

Reusing the same password across multiple accounts is like using the same key for your house, car, and safe deposit box. One breach exposes everything. A password manager creates a unique, strong password for every single account — and autofills them so you never have to type them. Kids and teens can use family password managers to get into the habit safely. Start with the accounts that matter most: email, gaming, and social media.

Tip #2 →

🔒 passwords

If you can easily guess someone else could guess it too

If you can easily guess someone else could guess it too. "Password123!" has been in every publicly leaked password list for over a decade. The real secret to strong passwords isn’t complexity — it’s length. A 16-character passphrase like "SunnyDogJumpsHigh42" is both memorable for you and virtually uncrackable. Each additional character multiplies the time it would take to crack.

Tip #3 →

🔒 passwords

Passphrases beat traditional passwords every time

Passphrases beat traditional passwords every time. Instead of a short, complicated string like "K@r7!", use four or five random words strung together. "CorrectHorseBatteryStaple" has 26 characters and is far easier to remember than "Tr0ub4dor&3" — and far stronger. You can make it personal and weird: "PurpleBananaRunsFast" is yours alone, and your brain will hold onto it.

Tip #4 →

🔒 passwords

The old advice to change your password every 90 days has been replaced by better guidance: make it s

The old advice to change your password every 90 days has been replaced by better guidance: make it strong from the start, use a unique password for every account, and only change when there’s been a known breach. Teaching kids this mindset — rather than password-change rituals — is what actually keeps them safer online. Build habits, not rules.

Tip #5 →

🔒 passwords

HaveIBeenPwned

HaveIBeenPwned.com lets you check if your email address has appeared in any known data breaches — completely free. If your address shows up, it means some company you trusted got hacked and your password may be circulating. Change it immediately on any account that shared it. This is a great activity to do together with your student: knowledge is power.

Tip #6 →

🔒 phishing

Phishing emails are getting harder to spot because scammers use AI to copy real company logos, forma

Phishing emails are getting harder to spot because scammers use AI to copy real company logos, formatting, and writing styles exactly. The single most reliable check: hover your mouse over any link without clicking. The URL that appears will tell you the real destination — and it will be different from what the button text says. Train this habit early. A hovered link never lies.

Tip #7 →

🔒 phishing

Real companies and government agencies do not send emails demanding immediate action with threats of

Real companies and government agencies do not send emails demanding immediate action with threats of account closure or legal consequences. That pressure is a psychological tool designed to make you panic and click. When in doubt, go directly to the company’s official website by typing it yourself — never click email links to "verify" your account. If it’s real, the notice will also appear when you log in normally.

Tip #8 →

🔒 phishing

Your password, Social Security number, credit card, and home address are never things a legitimate c

Your password, Social Security number, credit card, and home address are never things a legitimate company asks for via email. Not now, not ever. If an email asks for any of these, it’s a scam — no matter how official it looks. Forward suspicious emails to your parent or teacher so they can report it together. You’re doing a public service by reporting.

Tip #9 →

🔒 phishing

Smishing is the word for phishing scams delivered by text message

Smishing is the word for phishing scams delivered by text message. That "USPS/FedEx/DHL" notification about a failed delivery with a link to "track your package" is almost always a scam. Real carriers don’t send unsolicited tracking links via text. If you’re expecting a package, go directly to the carrier’s official website and use the tracking number you received at purchase. Delete the text — don’t forward it, just delete.

Tip #10 →

🔒 phishing

One of the most reliable signs of a scam email: a sender address that’s almost right

One of the most reliable signs of a scam email: a sender address that’s almost right. Look carefully for swapped letters (rn for m), extra characters, or domain names that look real but aren’t the actual company domain. For example, support@amaz0n.com or no-reply@paypa1.com. Cyber Hero students learn to catch these in Mission #7. Practice with a parent by looking at your inbox together.

Tip #11 →

🔒 2fa

Two-factor authentication (2FA) adds a second lock to your account — even if a hacker gets your pass

Two-factor authentication (2FA) adds a second lock to your account — even if a hacker gets your password, they still can’t get in without the code sent to your phone or generated by an app. Enable 2FA on your most important accounts first: email, gaming platforms, and any account that stores payment information. It takes about two minutes to set up and dramatically reduces the risk of account takeover.

Tip #12 →

🔒 2fa

Authenticator apps like Google Authenticator or Authy generate six-digit codes that change every 30

Authenticator apps like Google Authenticator or Authy generate six-digit codes that change every 30 seconds. These are far more secure than SMS codes because they can’t be intercepted through phone number hijacking — a technique hackers increasingly use. Download an authenticator app and link it to your key accounts. Many platforms now offer this as a free, built-in feature. Once you start using it, you won’t go back.

Tip #13 →

🔒 2fa

Your email account is the master key to your entire digital life

Your email account is the master key to your entire digital life. From your email, you can reset passwords for Facebook, Instagram, Steam, and every other account you own. This makes protecting your email with 2FA the single most important security step most people skip. Set it up today — it takes under five minutes. Then set it up on your gaming accounts too.

Tip #14 →

🔒 2fa

If you receive a two-factor authentication code you didn’t request, act immediately

If you receive a two-factor authentication code you didn’t request, act immediately. Someone is trying to log into your account with a password they either stole or guessed. Go to your account settings, change your password to something new and strong, review recent login activity, and log out all other sessions. Enable 2FA while you’re in there so this can’t happen again.

Tip #15 →

🔒 2fa

Research shows most teenagers don’t use two-factor authentication on their primary accounts —

Research shows most teenagers don’t use two-factor authentication on their primary accounts — one of the easiest and most effective security habits they could develop. In a classroom setting, have students enable 2FA on one account together as a group exercise. The hands-on experience makes the concept real. Students who set this up at school often go home and do the same for their families.

Tip #16 →

🔒 social-privacy

A public social media profile is visible to anyone in the world — including people who might use tha

A public social media profile is visible to anyone in the world — including people who might use that information for harmful purposes. Setting your account to private limits who can see your posts, your friends list, and your location data. The change takes less than a minute: go to Settings > Privacy > and flip the switch. Review it every few months as app defaults sometimes reset.

Tip #17 →

🔒 social-privacy

The combination of your real name, your school, and your neighborhood is enough for someone with bad

The combination of your real name, your school, and your neighborhood is enough for someone with bad intentions to build a detailed picture of where you are and when. A "first day of school" post with your school tagged, followed by a post about being home alone, creates a pattern that predators actively look for. Share the excitement about school without the location context — post the photo, remove the geotag.

Tip #18 →

🔒 social-privacy

When you accept a follower request from someone you don’t know, you’re letting them into

When you accept a follower request from someone you don’t know, you’re letting them into your digital life. They can see who your friends are, where you go, what your routine looks like, and what you care about. Review your current followers and remove anyone you don’t recognize or wouldn’t want watching your day-to-day life. It’s not rude — it’s smart.

Tip #19 →

🔒 social-privacy

Even if you don’t add a caption with your location, the photos you take with a smartphone cont

Even if you don’t add a caption with your location, the photos you take with a smartphone contain GPS metadata that’s embedded in the file. This data isn’t visible when you look at the photo, but it’s there — and platforms don’t always strip it. Turn off location services for your camera app in your phone’s privacy settings. This protects you without changing how you take or share photos.

Tip #20 →

🔒 social-privacy

Even on private accounts, your posts are visible to your followers — and if any of those followers h

Even on private accounts, your posts are visible to your followers — and if any of those followers have public accounts or their accounts get compromised, your content can spread further than intended. Use Instagram’s "Close Friends" list and Snapchat’s private stories for anything personal, emotional, or that you wouldn’t want saved and shared. It’s okay to have different audiences for different content.

Tip #21 →

🔒 ai-deepfakes

AI-generated deepfake videos are now nearly indistinguishable from real footage — and they’re

AI-generated deepfake videos are now nearly indistinguishable from real footage — and they’re being used in scams, political manipulation, and impersonation attacks. The most reliable sign something might be a deepfake: look at the background. AI often struggles to render complex backgrounds correctly. Also watch for unusual lighting, weird hand movements, and audio that doesn’t quite sync with the mouth. When in doubt, search for the story from multiple sources before sharing.

Tip #22 →

🔒 ai-deepfakes

AI-generated images look photorealistic but often have telltale signs: hands with extra fingers, bac

AI-generated images look photorealistic but often have telltale signs: hands with extra fingers, background elements that blur or repeat, text inside the image that’s garbled, and eyes that don’t quite look right. Train your eye by spending five minutes comparing real and AI-generated images side by side. Once you know what to look for, you’ll catch fakes much more reliably.

Tip #23 →

🔒 ai-deepfakes

Deepfake scams targeting teenagers have increased over 1,200% according to cybersecurity industry re

Deepfake scams targeting teenagers have increased over 1,200% according to cybersecurity industry reports. These include fake celebrity endorsements, manipulated videos of classmates, and AI-cloned voices used in phone scams. The key defense: if something seems too wild or too alarming to be real, pause before you share it. Verification takes minutes and prevents the spread of harmful content.

Tip #24 →

🔒 ai-deepfakes

Before resharing a viral image or video, do a quick reverse image search to find the original source

Before resharing a viral image or video, do a quick reverse image search to find the original source. If the same clip appears in multiple different contexts, it may be manipulated. Scammers use AI to create content that plays on emotions — outrage, fear, excitement — precisely because emotional content gets shared faster. Slow down, verify, then decide.

Tip #25 →

🔒 ai-deepfakes

CyberHeroesHQ built a dedicated mission specifically to train deepfake detection skills — because id

CyberHeroesHQ built a dedicated mission specifically to train deepfake detection skills — because identifying synthetic media is now as essential as identifying phishing emails. Working through this mission gives students a structured, evidence-based framework for evaluating the authenticity of online content. These skills compound over time as AI quality improves.

Tip #26 →

🔒 gaming

"Free V-Bucks" or "free Robux" websites are one of the most common ways hackers compromise gaming ac

"Free V-Bucks" or "free Robux" websites are one of the most common ways hackers compromise gaming accounts. These sites ask you to log in with your Epic or Roblox credentials — handing them directly to scammers. Real in-game currency deals happen in the official store, not through search results or Discord links. If you ever get a DM offering free currency, report it.

Tip #27 →

🔒 gaming

"Account boosting" services that require you to hand over your login are handing your account to str

"Account boosting" services that require you to hand over your login are handing your account to strangers. They can drain your virtual inventory, change your payment methods, and sell your account to someone else. If you want to rank up, use the game’s own systems or legitimate coaching services — never give your password to someone you found online.

Tip #28 →

🔒 gaming

Cheat software and aimbot downloads are one of the most common ways malware gets onto a gaming compu

Cheat software and aimbot downloads are one of the most common ways malware gets onto a gaming computer. The "hack" might be a keylogger that captures every password you type, including the password to your email, your parents’ bank account, and every other account you use on that machine. The stakes are real — and the performance advantage is usually not worth the risk.

Tip #29 →

🔒 gaming

Trading in-game items outside the official marketplace means there are no protections if the other p

Trading in-game items outside the official marketplace means there are no protections if the other person scams you. You won’t get your item back, and the platform won’t be able to help because the trade happened off-platform. Stick to the game’s built-in trading system. If a deal seems too good to be true, it is.

Tip #30 →

🔒 gaming

The person you play with online might be genuinely great — but online personas don’t always re

The person you play with online might be genuinely great — but online personas don’t always reflect reality. If someone you’ve only met in a game starts asking for personal information — your school, your address, photos of you, or anything that feels private — that’s a red flag. A real friend respects boundaries. End the conversation and tell a trusted adult.

Tip #31 →

🔒 cyberbullying

Screenshots are evidence

Screenshots are evidence. If you’re being cyberbullied, screenshot everything — the message, who sent it, the time, and any context — before you block the person. Platforms take reports more seriously when you can show them exactly what happened and when. Keep a dedicated folder for evidence. You may need it for school administrators, platform reports, or — in serious cases — law enforcement.

Tip #32 →

🔒 cyberbullying

Cyberbullying doesn’t stop on its own

Cyberbullying doesn’t stop on its own. Without intervention, it typically escalates. Report to the platform (each one has a reporting flow — use it), tell a trusted adult, and document every incident. You don’t have to deal with it alone. If you’re a bystander witnessing cyberbullying, the most powerful thing you can do is not amplify it and privately reach out to support the person being targeted.

Tip #33 →

🔒 cyberbullying

A message sent in anger lives forever as a screenshot

A message sent in anger lives forever as a screenshot. Even if you delete your own message, someone else can screenshot it before you do. Before you type something you might regret, put your phone down for 10 seconds and ask yourself: "Would I say this out loud to this person’s face?" If the answer is no, rewrite it or don’t send it.

Tip #34 →

🔒 digital-footprint

Your full name, school, and neighborhood in the same post or profile is a ready-made target for anyo

Your full name, school, and neighborhood in the same post or profile is a ready-made target for anyone with bad intentions. Strangers can use these three pieces of information to locate you, learn your routine, or build a profile for social engineering. Share your interests and personality freely — just keep location details separate or vague. "I go to school in Austin" is safer than "I go to Westview Middle School."

Tip #35 →

🔒 digital-footprint

Posts that seem like harmless venting — about a teacher, a classmate, a parent — can be screenshotte

Posts that seem like harmless venting — about a teacher, a classmate, a parent — can be screenshotted, taken out of context, and used against you later. The internet has a long memory. Before you post something emotional, ask yourself who might eventually see it, how it might be interpreted, and if you’d be comfortable with it appearing in a college application. If not, keep it private.

Tip #36 →

🔒 digital-footprint

College admissions officers and future employers routinely check social media

College admissions officers and future employers routinely check social media. A post you make today could be read by someone evaluating you a decade from now. Build a digital footprint you’d be proud of — not because you need to be perfect, but because it’s worth being intentional. Your online identity is part of your identity, and it’s worth protecting.

Tip #37 →

🔒 geotags

Posting "home sweet home!" with location sharing turned on tells the world your home address

Posting "home sweet home!" with location sharing turned on tells the world your home address. It seems harmless — you’re just excited about where you live — but it broadcasts your exact coordinates to anyone reading your post. Turn off location sharing by default, and only enable it when sharing your location adds value and you’re choosing to share with people you trust.

Tip #38 →

🔒 geotags

Geotagged photos embed your GPS coordinates in the image file’s metadata — invisible data that

Geotagged photos embed your GPS coordinates in the image file’s metadata — invisible data that travels with the photo wherever it goes. Platforms may strip this data, but not always, and not completely. The safest practice: turn off location access for your camera app in your phone’s privacy settings. The photo is still shared — just without the coordinates attached.

Tip #39 →

🔒 geotags

Posting from the same coffee shop, the same gym, the same park on a regular schedule tells anyone pa

Posting from the same coffee shop, the same gym, the same park on a regular schedule tells anyone paying attention exactly where you’ll be and when. This is a pattern predators look for. Vary your sharing — mix up the places you post from and when you post. Predictability is a vulnerability. Don’t make yourself easy to find on a schedule.

Tip #40 →

🔒 romance-scams

Someone who seems like a perfectly normal peer online but always has an excuse not to video chat — c

Someone who seems like a perfectly normal peer online but always has an excuse not to video chat — camera broken, mic not working, too shy — may not be who they say they are. Legitimate online friendships don’t require you to share personal information or avoid verification. If something feels off, it probably is. You don’t owe anyone your trust before they’ve earned it.

Tip #41 →

🔒 romance-scams

A new online friend who asks for photos, money, personal information, or access to your accounts is

A new online friend who asks for photos, money, personal information, or access to your accounts is a red flag — no matter how long you’ve played together or how friendly they seem. Real people you meet online will never pressure you for these things. End the conversation, block the person, and tell a trusted adult what happened. You did the right thing by recognizing the warning sign.

Tip #42 →

🔒 romance-scams

Romance scams target teens specifically because teenagers are often less likely to tell adults about

Romance scams target teens specifically because teenagers are often less likely to tell adults about online interactions that feel uncomfortable. This silence is what scammers count on. If something feels off in an online relationship — especially one that involves requests for personal information or money — tell someone. You will never be in trouble for reporting.

Tip #43 →

🔒 ai-voice-scams

AI voice cloning requires just three seconds of audio — enough to grab from a public TikTok, YouTube

AI voice cloning requires just three seconds of audio — enough to grab from a public TikTok, YouTube video, or Instagram reel. Scammers use this to call parents claiming their child is in trouble and needs money immediately. Create a family code word — something only your household knows — and use it to verify any urgent call. If there’s no code word and the caller is pressuring you to act fast, pause and call your parent back directly.

Tip #44 →

🔒 ai-voice-scams

That voicemail from "Dad" saying he’s in trouble and needs you to wire money? AI can now repli

That voicemail from "Dad" saying he’s in trouble and needs you to wire money? AI can now replicate a parent’s voice with chilling accuracy. The emotional impact is intentional — scammers want you panicked and acting fast before you can think. Always confirm urgent requests through a second channel: call back on the number you have saved in your phone, not the number that just called you.

Tip #45 →

🔒 ai-voice-scams

AI-generated voicemails claiming to be from a relative in crisis are a growing scam tactic targeting

AI-generated voicemails claiming to be from a relative in crisis are a growing scam tactic targeting families. The message creates a sense of urgency and pressure to act before verifying. When you receive a call like this: do not wire money, do not buy gift cards, and do not give any personal information. Call the person who supposedly called directly on a number you already have.

Tip #46 →

🔒 snap-tiktok

Snapchat messages are marketed as disappearing — but the person on the other end can screenshot or s

Snapchat messages are marketed as disappearing — but the person on the other end can screenshot or screen-record anything you send in seconds. Once it’s out of Snapchat, it’s completely out of your control. Never send anything through Snapchat — or any app — that you wouldn’t want permanently saved, screenshotted, and shared. This applies to text, photos, and videos.

Tip #47 →

🔒 snap-tiktok

Legitimate TikTok giveaways never ask for your password, home address, or personal information throu

Legitimate TikTok giveaways never ask for your password, home address, or personal information through a DM. If an account claiming to run a giveaway asks you to message them privately and share sensitive data, it’s a scam. Report the account to TikTok, block them, and only engage with verified brand accounts posting giveaways in their main feed.

Tip #48 →

🔒 snap-tiktok

If someone maintains an intense Snap streak with you but gets evasive or aggressive when you ask to

If someone maintains an intense Snap streak with you but gets evasive or aggressive when you ask to video chat, that’s a significant red flag. Streaks are engagement mechanics — they’re not a measure of genuine friendship or trustworthiness. Never share personal information with someone who avoids verifying who they are. Trust your instincts.

Tip #49 →

🔒 identity-theft

Identity theft targets minors because their credit records are essentially blank and untouched — mak

Identity theft targets minors because their credit records are essentially blank and untouched — making them valuable to criminals who want to open accounts, take out loans, or file tax returns in a child’s name. Parents can and should freeze their child’s credit with the three major bureaus as a preventative measure. It’s free, it doesn’t affect the child’s future credit access, and it’s one of the most powerful protections you can put in place.

Tip #50 →

🔒 identity-theft

No legitimate website or organization will ask you to enter your Social Security number through a li

No legitimate website or organization will ask you to enter your Social Security number through a link in an email or text message. Real institutions use secure portals that you navigate to directly, not through embedded forms. If you’re ever asked for your SSN in an unsolicited message, close it immediately and navigate to the official website by typing it yourself.

Tip #51 →

🔒 identity-theft

If you discover unfamiliar accounts, credit cards, or loan applications in your name, act immediatel

If you discover unfamiliar accounts, credit cards, or loan applications in your name, act immediately. Contact the three major credit bureaus (Equifax, Experian, TransUnion) to place a fraud alert, file a report with the FTC at IdentityTheft.gov, and notify your bank. The sooner you catch identity theft, the less damage it does. Even young people should check their credit report annually.

Tip #52 →

🔒 gift-card-scams

No legitimate organization — not the IRS, not your utility company, not a police officer, not a fami

No legitimate organization — not the IRS, not your utility company, not a police officer, not a family member in supposed legal trouble — will ever demand payment in gift cards. Gift cards are the preferred payment method for scammers precisely because they’re untraceable and irreversible. If someone asks you to buy gift cards and read them the code numbers, it’s always a scam. Hang up and tell an adult.

Tip #53 →

🔒 gift-card-scams

Gift card codes are like cash — once you give them to someone, the money is gone and there’s n

Gift card codes are like cash — once you give them to someone, the money is gone and there’s no way to get it back. Scammers coach their targets to keep the purchase secret and stay on the phone during the whole process. If someone is pressuring you to buy gift cards, stay on the line with you, and tell you not to tell anyone — that’s the telltale script of a scam. Break free and tell a parent or trusted adult immediately.

Tip #54 →

🔒 shopping-scams

If a deal seems too good to be true — 80 or 90 percent off a normally expensive item — it almost cer

If a deal seems too good to be true — 80 or 90 percent off a normally expensive item — it almost certainly is. Fake shopping sites use stolen product images, bargain prices, and urgency ("limited time only!") to get people to enter their credit card information. Stick to retailers you know, look for the padlock in the URL bar, and search for reviews of the site before buying.

Tip #55 →

🔒 shopping-scams

Package delivery texts are one of the most common smishing vectors

Package delivery texts are one of the most common smishing vectors. "Your package couldn’t be delivered — click here to reschedule" leads to fake sites that steal your information or install malware. Real carriers send tracking numbers at purchase and let you track through their official apps and websites. Never click links in unsolicited delivery texts. Delete the text and, if you’re genuinely expecting a package, track it directly on the carrier’s website.

Tip #56 →

🔒 smart-home

Smart speakers like Alexa and Google Home occasionally record more than their wake word captures

Smart speakers like Alexa and Google Home occasionally record more than their wake word captures. They store these recordings, and if someone gains access to your account, those recordings are accessible. Review your privacy settings in the speaker’s app, delete stored recordings regularly, and consider turning off the "continue listening" feature. The convenience is the same; the privacy exposure is reduced.

Tip #57 →

🔒 smart-home

Every device on your home Wi-Fi — smart TV, voice assistant, baby monitor, thermostat — is a potenti

Every device on your home Wi-Fi — smart TV, voice assistant, baby monitor, thermostat — is a potential entry point for hackers if it has a default password. Default credentials are publicly documented and exploited automatically by malware. Change every smart device’s default password when you set it up. Use a different password for each device when possible, and keep a note of them in a password manager.

Tip #58 →

🔒 cyber-career

Cybersecurity isn’t a talent you’re born with — it’s a set of skills you learn and

Cybersecurity isn’t a talent you’re born with — it’s a set of skills you learn and practice, just like math or reading. And the students learning these skills today are the ones who’ll be defending networks, building secure systems, and shaping AI policy in the years ahead. The career opportunities in this field are massive and growing. Start your training now.

Tip #59 →

🔒 cyber-career

The cybersecurity industry will have 3

The cybersecurity industry will have 3.5 million unfilled jobs by the end of this decade. Students in your classroom today are the pipeline for those roles — if we give them a solid foundation in digital safety, critical thinking, and ethical technology use. You don’t need a tech background to teach these skills. CyberHeroesHQ’s curriculum is built for teachers who are learning alongside their students.

Tip #60 →

🔒 cyberbullying

💜 NEW Mission: Bully Block is LIVE on CyberHeroesHQ 🛡️ Students learn to spot harassment vs banter

💜 NEW Mission: Bully Block is LIVE on CyberHeroesHQ 🛡️ Students learn to spot harassment vs banter, choose the upstander path, and document + report. Earn the Upstander badge → cyberheroeshq.com/curriculum

Tip #61 →

🔒 cyberbullying

🚨 Cyberbullying tip: Screenshot BEFORE you block

🚨 Cyberbullying tip: Screenshot BEFORE you block. Blocking removes the evidence from your view — but the screenshot is what schools and platforms need to act. Screenshot first, block second → cyberheroeshq.com/try

Tip #62 →

🔒 deepfakes

🔍 NEW Mission: Deepfake Detective is LIVE on CyberHeroesHQ 🤖 Students learn to spot AI voice clone

🔍 NEW Mission: Deepfake Detective is LIVE on CyberHeroesHQ 🤖 Students learn to spot AI voice clones, find image artifacts (warped hands, garbled text), and build a family verification protocol. Earn the Deepfake Detective badge → cyberheroeshq.com/curriculum

Tip #63 →

🔒 deepfakes

🚨 AI clones voices from 3 seconds of audio

🚨 AI clones voices from 3 seconds of audio. If you get an "emergency" call from someone you know asking for money — hang up. Call them back on their real number. Never react to urgency alone. → cyberheroeshq.com/try

Tip #64 →

🔒 deepfakes

🖐️ How to spot an AI-generated image: look at the hands

🖐️ How to spot an AI-generated image: look at the hands. Extra fingers, merged knuckles, wrong counts. Then check background text — AI can't spell. Two checks, two seconds. → cyberheroeshq.com/curriculum

Tip #65 →

🔒 deepfakes

👨‍👩‍👧 Family safety tip: Create a verbal safe-word for emergencies

👨‍👩‍👧 Family safety tip: Create a verbal safe-word for emergencies. Anyone asking for money or help must say it. If they can't — it's a scam. Voice clones can sound exactly like your family. → cyberheroeshq.com/educators

Tip #66 →

🔒 deepfakes

📰 Before sharing a "shocking" video online: S-I-F-T

📰 Before sharing a "shocking" video online: S-I-F-T. Stop. Investigate the source. Find better coverage. Trace claims. Takes 60 seconds. Stops misinfo from spreading through your network. → cyberheroeshq.com/curriculum

Tip #67 →

🔒 passwords

🔑 NEW Mission: Password Power-Up is LIVE on CyberHeroesHQ 🛡️ Students rank passwords by crack-time

🔑 NEW Mission: Password Power-Up is LIVE on CyberHeroesHQ 🛡️ Students rank passwords by crack-time, build passphrases, block credential stuffing, and master 2FA. Earn the Password Paladin badge → cyberheroeshq.com/curriculum

Tip #68 →

🔒 passwords

📖 Stop making passwords complex — make them LONG

📖 Stop making passwords complex — make them LONG. "correct-horse-battery-staple" takes centuries to crack vs. "P@ssw0rd!" which falls in minutes. Four random words beats every l33t-speak substitution. → cyberheroeshq.com/try

Tip #69 →

🔒 passwords

⚠️ Credential stuffing: 1 leaked password → every account you reuse it on gets owned

⚠️ Credential stuffing: 1 leaked password → every account you reuse it on gets owned. Attackers automate this. The fix is trivially simple: unique password per site. A password manager makes it effortless. → cyberheroeshq.com/curriculum

Tip #70 →

🔒 passwords

📱 SMS 2FA is better than nothing — but it's the weakest option

📱 SMS 2FA is better than nothing — but it's the weakest option. SIM-swap attacks let criminals redirect your texts to their phone. Switch your students (and yourself) to an authenticator app. Takes 2 minutes. → cyberheroeshq.com/educators

Tip #71 →

🔒 passwords

🧠 The best password is one you never have to remember

🧠 The best password is one you never have to remember. A password manager generates, stores, and fills 20-character random passwords automatically. One strong master password protects all the others. → cyberheroeshq.com/curriculum

Tip #72 →