There is a reason language appropriate to biology is used in cybersecurity: virus, infection, worm, vector. Like a cold picked up at daycare, computer viruses spread easily through families. Unlike a runny nose, the consequences can be dire.
Children are favourite targets for cyber criminals. They click on anything and can be easily enticed into downloading add-ons for their favourite games.
Common sources of infection are Roblox, Minecraft and Fortnite, but any game platform that allows add-ons and modifications is a risk. The Queensland Law Security Cybersecurity Working Group recently received threat intelligence indicating an increase in attacks of this nature targeting Australian businesses and Queensland law firms.
Security firm Kaspersky1 reported over 1.6 million cyber attacks on Roblox players alone in 2024.2 Similar figures apply to Minecraft and other games.
The most likely way this can happen is if a child uses a phone or laptop for gaming occasionally and this same device is used for work purposes. A downloaded link introduces an information stealer which then tracks your usage on work, banking or government sites. These can copy usernames and passwords, and MFA access tokens.
In some cases, an infection on the child’s device is exploited to allow access to the parent’s device through a home network.
What to do about it
While more popular games obviously attract more criminals; prohibiting your kids from playing them will not really solve the problem. Many games are vulnerable, and most platforms (including Playstation/Nintendo) can be a springboard for an attack.
- Enforce a strict segregation between work/private devices. Don’t let kids use your phone to play games or browse the internet.
- If you give your child an old phone for their use, perform a factory reset first and log out of all accounts.
- Introduce a family rule prohibiting downloading software, mods or accepting free gifts online. (Many scams are packaged, for example, in a link promising “free Robux” or similar). While teaching these skills is important, don’t be overconfident. Scammers are very good at manipulation.
- Ensure all devices are protected by anti-virus and monitoring software.
- Ensure all devices are updated regularly, including your modem.
- Use multi factor authentication. If possible, use an authentication method that does not rely on SMS codes or number codes that will be typed into your laptop.
- Don’t download work email or documents to your phone or personal email.
- Access confidential data using the work email account and work controlled app.
For further information, see the QLS Guide to making your domestic equipment safer.[3]
Do what you can to lock down your children’s devices. This also helps protect them from online predators and inappropriate content.4 Note that in some cases “mods” and add-ons may not be blocked by download controls (examples provided below are well regarded options but this is not an exhaustive list).
| Windows Devices Built-in Parental Controls: Use Windows 10’s/11’s built-in parental controls by going to Settings > Accounts > Family & other users. This allows you to limit screen time, monitor activity, and set content filters. Ensure each child has their own user account to apply different rules. |
| Apple Devices Built-in Parental Controls: Use Screen Time in iOS and macOS to set content restrictions, app limits, and monitor usage. Enable Content & Privacy Restrictions to manage downloads and purchases. Create a child account under Family Sharing to manage settings across devices. |
| Android devices Built-in Parental Controls: Use Google Family Link to set screen time limits, monitor app usage, and track device location. This app requires a Google account for your child. Google Play Parental Controls: Restrict app downloads based on maturity ratings, but it lacks search filtering capabilities. |
| Third-Party Software: Norton family: download blocking, inappropriate content notifications, screen limits. Bark: content monitoring, cyberbullying, screen use, download blocking. Screen Time (Android only – In the Google Play Store)5 time limits, download blocking, website monitoring. Trend Micro Parental Controls: Provides features like website filtering and time limits. |
Footnotes
1 Which QLS does not recommend as a vendor of security products due to concerns about close ties to the Russian government. The US government prohibited use of their products in 2017. However, their threat intelligence information is still reliable.
2 Kaspesky, ‘Loading… Cyberthreats: 1.6 million cyberattacks on Roblox players detected in 2024’(Press Release, 10 February 2025).
3 Queensland Law Society, ‘Cybersecurity: Making your domestic equipment (wfh) safer’ (Guide, 28 November 2022).
4 QLS does not warrant that any software mentioned is effective or free from defect. Our investigation of alternatives is limited to comparison and third party review sites. Unless expressly stated we have not undertaken detailed analysis or testing of software or vendor’s claims.
5 This app has a very low satisfaction rating. When you read the reviews, most of the 1-star ratings are from children complaining that “This App is ruining my life”.
Share this article