Everyone knows that the online world is populated by bad actors, scam artists and hackers. Indeed, many grown-ups feel almost paralysed by a lack of understanding about the darker recesses of the digisphere. Worse, we may be unwittingly passing our digital anxiety on to our children. And thanks to daily reporting of the dangers posed to children online, many parents and carers dread their children falling victim to the efforts of online bad actors.

Spotting online deception

But what of children themselves? How well-versed are they when it comes to understanding real and imagined online threats like phishing and hacking? To find out, Karen Renaud of Strathclyde’s Computer and Information Sciences department led a team of seven UK researchers to find out how skilled 11-12-year-olds are at spotting and dealing with online deception.

Described as a gullibility study, Karen and the team considered “nudge” techniques when designing their research model. Online nudges are usually used for good i.e. a nudge might encourage the eating of an apple instead of a doughnut. However, nudges are also used by bad actors to deploy “dark patterns”, for their own nefarious ends. The research set out to see how well modern children, immersed as they are in the online world, could spot those deceptive dark patterns, and act accordingly.

Results

The researchers used a series of scenarios to test the children, and the results were fascinating. A retina scanning scenario was used to assess privacy awareness and, while some children sensed something dodgy was happening, they seldom understood the potential for privacy violation. While they reliably spotted “Bait and Switch” dark patterns, some thought a legitimate “progress at your own risk” was “fishy”. Others thought their personal safety would be at risk if they clicked, rather than realising that the dark patterns were trying to gain access to their online accounts.

Overall, the research found that children struggled to make a distinction between cybersecurity and personal safety. A major finding was the clear need to help children to make the distinction between threats and benign warnings. Responsibility for that education has already been embraced by parents, but many lack confidence in their own knowledge - inevitably, ordinary people are often behind the digital curve. In other research, Karen found that many parents use Google searches or ask others deemed to be more knowledgeable (e.g. teenagers, family friends) for advice, but this doesn’t give them the same reliable or up-to-date information as that provided by the UK’s National Cybersecurity Centre.

It will never be possible to keep ourselves or our children completely safe from hacking or phishing. We need to build resilience in parents and children – teach them how to spot online deception, but also how to recover if a cyber attack succeeds. A national effort to upskill parents has the potential to develop this resilience in both adults and children.