Oleksandra Marchenko, Head of Nadiyno.org
Teenagers and young people are the most frequent victims of cybercriminals. What can be done?
Modern teenagers are often referred to as the “generation born with a smartphone.” For them, the phone serves as a psychotherapist, nutritionist, stylist, and a “stage” for performing in front of friends. It’s how young people communicate and build their identity.
When every cup of coffee, new pair of sneakers, or walk downtown becomes content—what are the consequences of this public exposure? Is a selfie just a smile, or can a photo reveal the address of a school? Is a comment under a post merely self-expression, or a detail that adds to a psychological profile? From such details, malicious actors can piece together a full picture of a teenager’s life—making them ideal targets for phishing, blackmail, or even recruitment attempts.
In Ukraine, the most frequent victims of online fraud are young people aged 18–24 (14% of respondents in an NBU and Opendatabot study). This figure exceeds even that of people aged 65 and older (11%).
Recognizing the problem is the first step toward solving it. But what comes next?
It’s crucial to control what the world “sees” about your child.
First, explain to teenagers how their “digital footprint” can be used against them. Many risks don’t arise from hacking but from what they share themselves—home or school geolocation, or even photos showing documents.
The rules are simple: don’t reveal your private address or real-time location, and limit your audience.
We often hear adults say: “My account is private, so I’m safe.” But a private profile doesn’t equal privacy. Among hundreds of followers, there’s always someone barely familiar—a random online friend or a casual acquaintance. This should be kept in mind when posting content.
Second, encourage basic habits that reduce cyber risks:
Enable two-factor authentication everywhere: email, social networks, messengers, and banking apps.
Use a password manager and create complex, unique passwords for different services.
Explain the risks of using public Wi-Fi networks and unknown charging devices, which can leak personal data.
Teach how to recognize phishing messages: avoid suspicious links, and never share personal information through forms or QR codes from unknown senders.
Emphasize that fraudsters often exploit trust in familiar people or services. Even if a friend asks to borrow money, confirm it by calling them or writing in another messenger. If an organization reaches out, verify the request via official contacts on their website.
Third, provide simple rules for safely using artificial intelligence tools:
Share only information that is completely non-sensitive. Any data entered into AI chats no longer belong solely to the user—and the risk of leaks is especially high when using tools from companies based in unfriendly countries.
Don’t trust everything AI writes. Teenagers often rely on AI-generated information—from diet advice to psychology tips. Explain that AI may produce errors or distort facts; critical thinking can save lives.
Share only verified audio and video online. Such media can be deepfakes—AI-generated imitations of a person’s voice or appearance. Fraudsters use them to solicit money, spread disinformation, or harm reputations. Deepfakes can usually be recognized by unnatural elements (like unsynchronized lips), unclear origins, or emotionally charged, provocative language designed to provoke outrage, disgust, or anger—classic manipulation techniques.
At Nadiyno.org youth sessions, we conducted a test: children and parents were asked to distinguish between real and AI-generated photos and voices. Many failed, which shows two things—the sophistication of technology and the lack of knowledge about detecting deepfakes.
A real-life case combining phishing and deepfake we’ve encountered in our practice.
One person contacted us after their Telegram account was hacked. Fraudsters, posing on Instagram, invited them to a photo shoot and sent a “link with details,” which redirected to a QR code in Telegram. After scanning it, the scammers gained full access to the account. They then messaged the victim’s contacts, asking to borrow money—attaching an audio message mimicking the victim’s voice, generated by AI (the criminals had collected voice messages and trained a model). This combination of phishing and AI makes deception both convincing and easily scalable.
Young people often fall victim to cybercrime not because of carelessness, but because they spend the most time online and on emerging platforms. Therefore, teaching them safe online behavior is essential—and it must become a habit.
The steps above form a simple foundation for teenagers, their parents, and teachers alike.
At the same time, digital safety courses should become standard in schools.
“Ten minutes of safety” during homeroom once a month, short phishing-prevention quizzes, and privacy-setting exercises are easy to implement and deliver measurable results.
Peer-to-peer learning works best—teenagers teach each other far more effectively than long lectures. Regularly refreshing knowledge also helps them stay aware of new scams and remain safe.
The Nadiyno.org team is ready to partner with schools, NGOs, and businesses to build a robust nationwide system for teaching youth online safety and digital literacy. We know how to do it effectively—and have the experience to back it up.
For example, at the end of August, we organized a cyber camp in France for children of Ukrainian servicemen. Teenagers learned to protect their online accounts, adjust privacy settings, recognize phishing, safeguard personal data, use OSINT (open-source intelligence) tools, and safely interact with AI technologies. The educational program was combined with recreation and excursions.
“I believe there should be an extra course in schools about cybersecurity and cyber hygiene—about how important it is to protect your privacy and not share personal data online. Every student should know this,” said one participant.
This camp was our first step toward a systemic approach to teaching children. The next phase is expanding these programs to Ukrainian communities.
Cyber resilience is the sum of many small, correct actions. Let’s make those actions a habit—and turn them into our shared strength.
