Internet Safety and Cybersecurity Awareness for College Students

| Victoria Leigh Modified on June 27, 2022

Internet Safety and Cybersecurity Awareness for College Students

Are you ready to find a school that's aligned with your interests?

According to 2016 data from the U.S. Census Bureau, 89% of American households had a computer and/or smartphone, and 81% of American households had a broadband internet subscription. We rely on the internet for communication, entertainment, healthcare access, financial services, and, increasingly, higher education.

In fall 2018, nearly 7 million college students enrolled in at least one distance education course, and 3.2 million attended classes exclusively online.

However, the world wide web does much more than just enable us to Zoom into virtual classroom meetings. College students access the internet every day for work and pleasure — to complete research for essays and assignments, stay in touch through social media, make online purchases, and seek out the latest in entertainment.

The sheer amount of information and data we share online opens us all up to cybersecurity threats. The risk is often more pronounced for young people and college students who are statistically more likely to fall for fraud scams than older adults and who use social media at higher rates than other age groups.

Why Cybersecurity Awareness is Important

CSO Online — a leading information source for chief security officers and senior executives — recently examined industry surveys and research studies to get a sense of the current cybersecurity landscape. Some of their findings were startling:

  • Every minute, $17,700 is lost due to phishing attacks.
  • 94% of malware is delivered via email.
  • 63% of companies said their data was potentially compromised within the last year.
  • 60% of data breaches involve vulnerabilities that could have been avoided if an available security update or patch had been applied.

It's a dangerous world out there. Modern cybercriminals and hackers use increasingly sophisticated means to access our most sensitive data and personal information.

These days, you don't even need to click on an infected link in order to wind up with hidden malware that can log your keystrokes, scan your system for personal files, or hijack your online banking sessions. Phishers frequently spoof websites, email addresses, and social media profiles to manipulate user trust and gain access to personal information. Popular services like free Wi-Fi, ATMs, and public computers can all lead to data compromise, financial loss, and identity theft.

As we increasingly digitize our lives, we put ourselves at greater risk. Whether you are about to enter your first or final year of college, it's never too late to brush up on internet safety tips and increase your cybersecurity awareness.

The best way to fight cybercrime is through prevention. Use the following statistics, stories, and tips to arm yourself both on and off campus.

Interested in Studying or Pursuing Cybersecurity? Learn More About Degrees and Rewarding Careers in the Information Security Sector:

CYBERSECURITY DEGREES
TOP CYBERSECURITY SCHOOLS
CYBERSECURITY CAREERS

Computer and Mobile Security Vulnerabilities

Cybercrime is on the rise around the world, driven by an increased use of social media, cloud storage, digital downloads, and mobile and online payments. Consumers' personal and financial data is everywhere, and hackers are getting smarter at retrieving it. Computers and mobile devices are particularly vulnerable to malware, ransomware, and phishing attacks targeting social security numbers, credit card information, and bank account data.

Compared to all other major industries, recent research found that the education sector ranked last in terms of cybersecurity performance. This makes it more important than ever for college students to take responsibility for their own internet safety.

When You Don't Vaccinate Your Computer And Mobile Phone

Today, hacking is not a question of "if," but "when." In 2019 alone, 89 U.S. universities, colleges, and school districts faced ransomware attacks. No matter how secure your university networks claim to be, you must take additional steps to ensure the protection of your personal devices. To keep your tech safe from cyberattacks, experts recommend installing all software updates, arming yourself with cybersecurity tools like antivirus software, and regularly backing up your data. Remember that hackers don't discriminate. Never assume you won't be targeted. Follow these steps to help vaccinate your tech against cybercrime:
  • Computer and smartphone software updates help patch security flaws and protect data. It's time to stop clicking "Remind Me Tomorrow" when your Mac asks to download and install updates.
  • Only download software directly from manufacturers and other trusted sources. Across the web, hackers use convincing fakes (urgent update alerts, download pages, etc.) to spread malware and ransomware to unsuspecting users.
  • Invest in strong, trusted virus and spyware protection, whether you own a Mac or PC. Scan your computer at least once a week.
  • Backup your computer periodically to an external hard drive and/or cloud-based storage system in case you need to recover data and files after a cyberattack.
  • When surfing the web, enable pop-up blocking and consider private browsing. Cookies can open security loopholes for hackers, so it's best to delete them periodically.
  • Closely monitor your credit rating, credit cards, and bank accounts. Set up text notifications that alert you to possible fraudulent activity.
  • Computer and smartphone software updates help patch security flaws and protect data. It's time to stop clicking "Remind Me Tomorrow" when your Mac asks to download and install updates.
  • Only download software directly from manufacturers and other trusted sources. Across the web, hackers use convincing fakes (urgent update alerts, download pages, etc.) to spread malware and ransomware to unsuspecting users.
  • Invest in strong, trusted virus and spyware protection, whether you own a Mac or PC. Scan your computer at least once a week.
  • Backup your computer periodically to an external hard drive and/or cloud-based storage system in case you need to recover data and files after a cyberattack.
  • When surfing the web, enable pop-up blocking and consider private browsing. Cookies can open security loopholes for hackers, so it's best to delete them periodically.
  • Closely monitor your credit rating, credit cards, and bank accounts. Set up text notifications that alert you to possible fraudulent activity.

When You Visit Unsecure Or Torrent Websites

While browsing, you might have noticed that some website addresses begin "HTTP," while others begin with "HTTPS." That single letter makes a huge difference. HTTPS websites encrypt user communications and data. Unsecure HTTP sites enable hackers to view transferred information, including login credentials, in plain text format. Torrent websites like The Pirate Bay host massive digital repositories of content including movies, music, video games, and software. Anyone can gain access to this content at no cost, but torrenting is not risk-free. Dangers include malware infection, penalties from your internet service provider, and legal settlements from copyright holders.
  • Today's phishing scams use sophisticated replicas of login pages. Before accessing your school email, Canvas account, or online banking, make sure the web address is correct. Never submit sensitive information like usernames, passwords, or credit card numbers through an HTTP website.
  • Remember that your online activities can put other students at risk. Cyberattacks that originate on your computer can spread to other devices — even throughout the entire university system.
  • According to a 2015 study, approximately 12 million monthly users were infected with malware after downloading torrent files. Resist the temptation to download the latest Hollywood blockbuster or the digital version of your expensive calculus textbook. It isn't worth putting your personal and financial data at risk.
  • Today's phishing scams use sophisticated replicas of login pages. Before accessing your school email, Canvas account, or online banking, make sure the web address is correct. Never submit sensitive information like usernames, passwords, or credit card numbers through an HTTP website.
  • Remember that your online activities can put other students at risk. Cyberattacks that originate on your computer can spread to other devices — even throughout the entire university system.
  • According to a 2015 study, approximately 12 million monthly users were infected with malware after downloading torrent files. Resist the temptation to download the latest Hollywood blockbuster or the digital version of your expensive calculus textbook. It isn't worth putting your personal and financial data at risk.

When You Discard Or Sell Old Devices Without Wiping Them Clean

In 2017, a teenager based in Ontario traded in her old, broken iPhone 5s for $11. Several months later, she received messages from a stranger who had bought her old phone and now had access to all of her contacts, social media accounts, texts, and photos. The stranger, who buys refurbished phones in bulk for reselling purposes, ultimately wiped Natalie's data and apologized for upsetting her. But in the hands of a malicious user, the consequences could have been much more harmful. Whether you plan to throw away, resell, recycle, or trade in your old computer or phone, you must take steps to ensure your data is permanently erased, overwritten, and inaccessible.
  • Avoid taking or storing private photos on your devices. No matter how secure you think your files are, someone may still gain access to them.
  • Before ditching your old computer, consider downloading antitheft apps or software to help overwrite your data. On a Mac, the built-in Disk Utility app can wipe and overwrite a drive.
  • Remove or erase your old phone's SIM and micro SD cards.
  • Instead of reselling on eBay, consider recycling your old devices directly with the manufacturer. You may even earn credit toward a new replacement.
  • Avoid taking or storing private photos on your devices. No matter how secure you think your files are, someone may still gain access to them.
  • Before ditching your old computer, consider downloading antitheft apps or software to help overwrite your data. On a Mac, the built-in Disk Utility app can wipe and overwrite a drive.
  • Remove or erase your old phone's SIM and micro SD cards.
  • Instead of reselling on eBay, consider recycling your old devices directly with the manufacturer. You may even earn credit toward a new replacement.

Top Online Programs

Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.

Password Security Weaknesses

Passwords offer relatively weak protection for personal information and data for a number of reasons — namely that their effectiveness depends on the human user. Most of us are guilty of reusing passwords, sharing passwords with others, or writing passwords down in easily accessible locations.

Hackers use a variety of techniques to crack passwords, including brute force attacks, phishing, and keylogger software. You may not be able to protect yourself from every method, but poor password habits can make it all too easy for strangers to gain access to your devices, social media, and financial accounts.

When Your Password Is Too Easy

If you use easy-to-guess passwords, you're not alone. Millions of people still rely on notoriously simple combinations like "123456," "password," and "asdf" to protect their accounts. In 2016, the Twitter account of Facebook cofounder, Mark Zuckerberg was hacked while protected with the password "dadada." When it comes to protecting your devices and data, passwords are the first line of defense. Rather than stuffing your password with numbers, special characters, and capital letters, experts now recommend long strings of text, like nonsense phrases, that are easy to remember. Follow these steps to help vaccinate your tech against cybercrime:
  • Avoid using birthdays, family and pet names, locations, and standalone words. Hackers can source this information through social media and dictionaries.
  • Research shows that changing passwords regularly is often unhelpful, as users tend to make minor changes that are easy to guess. Instead, focus on creating an effective password that will last, and only change it if your account has been compromised.
  • Enable two-factor authentication when available. This can protect your account from a breach even if a hacker correctly guesses your password.
  • Store your passwords with care. This means no sticky notes on your desk, no lists emailed to yourself, and no unprotected documents in cloud storage. Instead, consider password management apps, password-protected documents, or handwritten hints kept in a secure location away from your device.
  • Avoid using birthdays, family and pet names, locations, and standalone words. Hackers can source this information through social media and dictionaries.
  • Research shows that changing passwords regularly is often unhelpful, as users tend to make minor changes that are easy to guess. Instead, focus on creating an effective password that will last, and only change it if your account has been compromised.
  • Enable two-factor authentication when available. This can protect your account from a breach even if a hacker correctly guesses your password.
  • Store your passwords with care. This means no sticky notes on your desk, no lists emailed to yourself, and no unprotected documents in cloud storage. Instead, consider password management apps, password-protected documents, or handwritten hints kept in a secure location away from your device.

When You Use The Same Password For Numerous Sites

We use passwords for everything. According to a Digital Guardian survey of 1,000 internet users, a majority of us have more than 10 password-protected accounts. Nearly 30% of survey respondents said they had "too many to count." Remembering all those passwords is difficult. We all know the pain of being temporarily locked out of our own accounts after guessing too many incorrect combinations. This makes using the same password across multiple websites incredibly tempting, but password reuse can pose a major cybersecurity risk.
  • Do not use the same passwords for all of your accounts. Instead, create different password tiers according to the level of data/information sensitivity. You might consider reusing passwords for Netflix, Instagram, or Spotify, but create unique passwords for your bank, credit card, and school accounts.
  • Whether you reuse them or not, follow the tips in the previous section to make your passwords hard to crack.
  • Do not use the same passwords for all of your accounts. Instead, create different password tiers according to the level of data/information sensitivity. You might consider reusing passwords for Netflix, Instagram, or Spotify, but create unique passwords for your bank, credit card, and school accounts.
  • Whether you reuse them or not, follow the tips in the previous section to make your passwords hard to crack.

When You Store Sensitive Data In Contacts On Your Phone

Our Contacts apps come complete with spaces to add phone numbers, home addresses, email addresses, birthdays, and more. It seems like the perfect place to store information about friends, family, and coworkers, but that easy accessibility comes at a price. Information in our phone and computer address books is typically stored as plain text, offering zero security protections. This means it's a terrible idea to store your mom's credit card number or your friend's home security code in the "Notes" section of their contacts page. You shouldn't try to hide your own sensitive information in Contacts, either. Work on memorizing your Social Security Number instead of disguising it as a phone number under "Steven St. Nicholas."
  • Other information to avoid storing in address books includes bank PINs, account numbers, health information, and passwords.
  • Instead, store data in a password-protected file or a handwritten note kept in a secure place.
  • Many password management apps offer secure "Notes" sections, too.
  • Other information to avoid storing in address books includes bank PINs, account numbers, health information, and passwords.
  • Instead, store data in a password-protected file or a handwritten note kept in a secure place.
  • Many password management apps offer secure "Notes" sections, too.

Phishing Attacks

Phishing is a hacking method in which fraudulent emails, websites, and other forms of electronic communication are used to obtain sensitive information like usernames, passwords, and credit card details. Phishing was the leading cause of data breaches in 2019 and 2020, according to Verizon's annual Data Breach Investigations Report.

Young people often start seriously handling their own finances for the first time in college, taking on the responsibilities of credit cards, loans, and bank accounts. This abundance of sensitive data, combined with inexperience, makes college students an ideal target for phishing attacks. Cybersecurity awareness is the best way to keep yourself safe.

When You Follow A False Link Or Reply To A Fake Email

Phishing emails are a tried-and-true method for hackers to obtain personal, private information. In 2017, thousands of Dartmouth University students received a phishing email claiming to be from the university's president. An embedded link asked recipients to enter their university NetID. This year, college students have been the target of similar COVID-19 phishing scams. These messages claim to be from university financial departments and link to portals requiring students to enter their login credentials. Phishing emails typically appear to come from trusted senders and request that you verify banking details, login credentials, or credit card information. These emails may feature the same layout, color scheme, and language of the real entity, and may link to a site specifically designed to spoof the real thing. Recognize and avoid phishers with the following tips:
  • It's a good rule of thumb to distrust every piece of email that lands in your inbox. Double check the email address of the sender for phishing giveaways like a wrong domain.
  • Phishing emails often foster a false sense of urgency, hoping recipients will ignore the warning signs and engage without thinking. Watch out for emotional messages concerning account suspension, money owed, or limited-time offers.
  • These days, most legitimate emails address recipients by name. Be suspicious of impersonal, generic greetings, like "Dear user," or "Dear valued customer."
  • If the email includes a link, study the URL carefully. Look for that secure "HTTPS." Rather than clicking the embedded email link, which can immediately give hackers information, independently type the address into your browser to see where it takes you.
  • It's a good rule of thumb to distrust every piece of email that lands in your inbox. Double check the email address of the sender for phishing giveaways like a wrong domain.
  • Phishing emails often foster a false sense of urgency, hoping recipients will ignore the warning signs and engage without thinking. Watch out for emotional messages concerning account suspension, money owed, or limited-time offers.
  • These days, most legitimate emails address recipients by name. Be suspicious of impersonal, generic greetings, like "Dear user," or "Dear valued customer."
  • If the email includes a link, study the URL carefully. Look for that secure "HTTPS." Rather than clicking the embedded email link, which can immediately give hackers information, independently type the address into your browser to see where it takes you.

When You Open An Infected Attachment

Common phishing scams seen on the Bowling Green State University campus include fake fraternity recruitment emails and senders posting as professors in search of student employees. Students may receive several such emails a week, often with suspicious attachments that they are careful not to open. According to one expert analysis, 85% of all malicious emails carry common attachment formats like .DOC, .XLS, .PDF, and .ZIP. In some cases, these attachments may be perfectly harmless, but many contain malware and other nasty features, activated with just a click. Using these tools, phishers can steal sensitive information, demand a ransom for the safe return of your data, or even remotely take over your device.
  • Treat email attachments with care. Never open one unless you can verify the sender and are expecting the attachment in question. Remember that even trusted email addresses can send infected attachments if they've been compromised.
  • Avoid downloading and installing software sent to you via email. Instead, visit the manufacturer's site for a download.
  • Verify anything unusual. Double check with the sender before opening an attachment.
  • If an email seems "off" to you, do a quick Google search to see if similar phishing scams have been reported.
  • Treat email attachments with care. Never open one unless you can verify the sender and are expecting the attachment in question. Remember that even trusted email addresses can send infected attachments if they've been compromised.
  • Avoid downloading and installing software sent to you via email. Instead, visit the manufacturer's site for a download.
  • Verify anything unusual. Double check with the sender before opening an attachment.
  • If an email seems "off" to you, do a quick Google search to see if similar phishing scams have been reported.

When You Answer A Suspicious Phone Call

College students love texting and social media, but sometimes we still need to pick up the phone for an old-fashioned call. Phone scams are a popular tactic of phishers looking for financial information, largely because they are proven to work. Nearly 1 in 6 Americans lost money to a phone scam in 2019. In the last few years, major mobile carriers including T-Mobile, AT&T, and Sprint introduced scam protection features to help fight phishing calls. You can see this in action when your caller ID labels an incoming number as "scam likely" or "potential fraud." This screening feature works by checking callers against a database of reported scam numbers. Unfortunately, some phishing calls still slip through. The most common phone scams targeted at college students relate to financial aid, tuition, and taxes. Protect yourself with these tips:
  • Distrust unusual callers, especially those who use an "unknown number" ID. Let your voicemail take care of things. Remember that caller IDs can also be spoofed.
  • Never give your personal or financial data out to someone who calls you. Legitimate university offices will not insist on wire transfers or immediate payments over the phone. Government agencies like the IRS never cold call citizens.
  • If a suspicious caller claims to represent your university, hang up and call the school directly to confirm and follow up.
  • Distrust unusual callers, especially those who use an "unknown number" ID. Let your voicemail take care of things. Remember that caller IDs can also be spoofed.
  • Never give your personal or financial data out to someone who calls you. Legitimate university offices will not insist on wire transfers or immediate payments over the phone. Government agencies like the IRS never cold call citizens.
  • If a suspicious caller claims to represent your university, hang up and call the school directly to confirm and follow up.

When You Follow A Malware Link In A Text

According to Pierson Clair, managing director of cyber risk at the risk management firm Kroll, millions of phishing attempts are made via text message every single day. Many phishing attempts depend on tricking the recipient into providing sensitive information, but more malicious phishing texts can contain links to malware that spy on your activity, data, and files without your knowledge. In recent years, hackers have targeted both Apple and Android devices. Once discovered, manufacturers quickly develop software patches that address vulnerabilities and close security loopholes, but for infected users, these patches may be too little, too late. To protect your device:
  • Avoid clicking on links in text messages. Be suspicious of shortened URLs like bit.ly addresses, which may be used to hide a link's true destination.
  • Keep your phone's software updated to address any security vulnerabilities.
  • If you suspect your device has been infected by malware, report the issue to the manufacturer.
  • Avoid clicking on links in text messages. Be suspicious of shortened URLs like bit.ly addresses, which may be used to hide a link's true destination.
  • Keep your phone's software updated to address any security vulnerabilities.
  • If you suspect your device has been infected by malware, report the issue to the manufacturer.

Social Media Dangers

According to a 2011 study by Experian Simmons, 98% of college-aged students use social media. YouTube, Instagram, Facebook, and Snapchat are the most popular options among teens and young adults, followed by Twitter, Pinterest, and Reddit. Social media can offer a beneficial, direct pathway to connection with others, but there are plenty of risks associated with social networking, too.

Social media sites leave users open to bullying and harassment from anonymous trolls, mean-spirited acquaintances, and overbearing friends, family members, or partners. One wrong move on social media can lead to hacking, distribution of private photos, or financial scams.

When You're Harassed, Bullied, Or Stalked On Social Media

According to 2019 data from the Cyberbullying Research Center, approximately 37% of surveyed students ages 12-17 reported experiencing cyberbullying in their lifetimes. The majority of cyberbullying research focuses on K-12 populations, but online harassment can happen to anyone at any age. One survey of 439 college students indicated that 38% knew someone who had been cyberbullied; 21.9% had been a target of cyberbullying; and 8.6% had cyberbullied someone else. Cyberbullying poses a real danger to victims' mental and emotional health. In extreme cases, online harassment and stalking can even bleed into real life, threatening one's physical safety and security. To make yourself less vulnerable to this type of toxic behavior, consider the following tips:
  • Refrain from posting personal information on public-facing social media, including your phone number, home address, location, or name of your school.
  • Be cautious about posting photos that could allow strangers to identify your location. Disable geotagging on all social media platforms.
  • Frequently check the security settings of your social media accounts.
  • Do not accept friend requests from students and other individuals you don't know.
  • Avoid sharing details about when you'll be away from home. Burglars may use this information to target your unoccupied residence.
If you become the target of cyberbullying or harassment:
  • Communicate in clear terms that you wish to be left alone.
  • Use social media features to cut off the perpetrator. This may include blocking the user, limiting who can view your posts, or increasing the privacy settings of your accounts.
  • Document the issue by taking screenshots, recording phone calls, and saving emails, texts, and voice messages.
  • Report the problem to the social media provider and/or campus police.
  • Consider reaching out to your school's counseling center or a crisis helpline.
  • Refrain from posting personal information on public-facing social media, including your phone number, home address, location, or name of your school.
  • Be cautious about posting photos that could allow strangers to identify your location. Disable geotagging on all social media platforms.
  • Frequently check the security settings of your social media accounts.
  • Do not accept friend requests from students and other individuals you don't know.
  • Avoid sharing details about when you'll be away from home. Burglars may use this information to target your unoccupied residence.
  • Communicate in clear terms that you wish to be left alone.
  • Use social media features to cut off the perpetrator. This may include blocking the user, limiting who can view your posts, or increasing the privacy settings of your accounts.
  • Document the issue by taking screenshots, recording phone calls, and saving emails, texts, and voice messages.
  • Report the problem to the social media provider and/or campus police.
  • Consider reaching out to your school's counseling center or a crisis helpline.

When You're The Subject Of Revenge Porn

Broadly defined, revenge porn is the distribution of private, intimate, or sexually explicit images and videos without consent. This type of nonconsensual pornography is usually shared by the victim's ex-partner, often as a way to "get back" at the victim for perceived wrongdoing after a fight or break up. Personal photos may also be obtained and shared by hackers. According to a 2016 study by the Data & Society Research Institute, 1 in 25 Americans have been victims of revenge porn, and 1 in 10 women under 30 have experienced threats of intimate image exposure. Currently, 41 states have specific laws on the books concerning the distribution of revenge porn. Potential penalties vary from misdemeanors to felonies, with consequences including probation, fines, and/or imprisonment.
  • The only way to entirely protect yourself from nonconsensual pornography is by not taking or sharing intimate photos, even with a trusted partner.
  • If you do take intimate photos, store them in an encrypted, password-protected folder on your computer, never in cloud storage. Remember that apps like Snapchat can be hacked and monitored remotely.
  • If you become a victim of nonconsensual pornography, document and report it to the social media provider and campus police. Consider reaching out to your school's counseling center or a crisis helpline.
  • The only way to entirely protect yourself from nonconsensual pornography is by not taking or sharing intimate photos, even with a trusted partner.
  • If you do take intimate photos, store them in an encrypted, password-protected folder on your computer, never in cloud storage. Remember that apps like Snapchat can be hacked and monitored remotely.
  • If you become a victim of nonconsensual pornography, document and report it to the social media provider and campus police. Consider reaching out to your school's counseling center or a crisis helpline.

When You're Hacked Through A Social Media Post

Facebook is the world's most popular social networking site, attracting teens, adults, senior citizens, and cybercriminals ready to prey on unsuspecting users. Phishers and hackers commonly use spoofed accounts, hacked accounts, and fake pages to send and share malicious links disguised as surprising videos, prizes and awards, or advertisements. These links may lead to spoofed Facebook sign-in pages asking you to verify your credentials, websites asking for personal information, or sites stuffed with a "drive-by download," which can infect your device and steal data entirely without your knowledge.
  • Hackers can easily identify your personal interests and tailor messages, posts, and scams accordingly. They may hijack accounts or create imitations to make you think you're talking to your best friend or your sibling. Stay alert and suspicious.
  • We all want to know what Disney character our profile picture most resembles, but it's best to avoid Facebook polls and quizzes that require you to give random sites permission to access your account information. You never know where it might end up.
  • When it comes to social media, the old adage applies: "If it seems too good to be true, it probably is." No one will give you a free car if you like and share a post.
  • Hackers can easily identify your personal interests and tailor messages, posts, and scams accordingly. They may hijack accounts or create imitations to make you think you're talking to your best friend or your sibling. Stay alert and suspicious.
  • We all want to know what Disney character our profile picture most resembles, but it's best to avoid Facebook polls and quizzes that require you to give random sites permission to access your account information. You never know where it might end up.
  • When it comes to social media, the old adage applies: "If it seems too good to be true, it probably is." No one will give you a free car if you like and share a post.

When You're Scammed By A Social Media Connection

In 2016, University of Washington students lost a collective $1 million in tuition funds after falling for a financial scam. The scam — shared on social media by a trusted fellow UW student — promised to save individuals 5% on their summer tuition if they paid through an intermediary. We shell out big bucks every year for tuition, fees, housing, books, and supplies. Scammers are eager to get in on the action, using methods like fake checks, too-good-to-be-true apartment listings, and scholarship scams to defraud students. Scammers may attempt to gain students' trust by posing as fellow students, alumni, professors, and other individuals involved with the school or trusted organizations.
  • Again, things that seem too good to be true typically are, at least when it comes to social media. Carefully scrutinize any and all offers of financial assistance.
  • Legitimate scholarships rarely ask for application or processing fees. If you need to spend money before receiving any in return, it's likely a scam.
  • Watch out for fake online personas or spoofed accounts of real people. Before accepting any financial assistance or providing any personal information, always verify the identity of the person you're connected to.
  • Again, things that seem too good to be true typically are, at least when it comes to social media. Carefully scrutinize any and all offers of financial assistance.
  • Legitimate scholarships rarely ask for application or processing fees. If you need to spend money before receiving any in return, it's likely a scam.
  • Watch out for fake online personas or spoofed accounts of real people. Before accepting any financial assistance or providing any personal information, always verify the identity of the person you're connected to.

Campus Thefts and Scams

Due to the novel coronavirus pandemic, the future of living and learning on college campuses is largely up in the air. Some schools plan to hold virtual classes through 2021, while others have chosen to experiment with in-person attendance options, with varying rates of success.

If and when you find yourself back on a college campus, you need to consider more than just basic internet safety. A new host of risks emerge in busy college environments, including the physical safety of your devices, unique opportunities for hackers to spread malware, and risks associated with communal computers.

When You Don't Secure Your Laptop Or Cellphone

Each year from 2001-2016, burglary ranked as the most common crime across college campuses in the U.S., according to the National Center for Education Statistics. It takes only seconds for a fearless thief to swipe your smartphone or laptop while you take a bathroom break at the library or visit the communal kitchen in your dorm building. Losing your device could mean losing access to time-sensitive assignments, needing to shell out hundreds of dollars on a replacement, and having to report a crime to campus police. College is hard enough without those hassles. Follow these tips to keep your tech safe:
  • Always lock your dorm room when you leave, even if you only plan to be gone for a few minutes.
  • Invest in a laptop cable lock. Use it in public spaces to help keep your laptop secure.
  • Never store your laptop in a car, even if it's kept out of sight.
  • Register your laptop and phone with the campus security office. The brand, model, and serial number is attached to your name, student ID, and contact information. You might also receive a registration sticker to put on your device, which can act as a deterrent for would-be thieves.
  • Enable your devices' built-in tracking features, such as Apple's "Find My" app, or download a comparable program like Prey or Absolute.
  • Regularly backup your devices and files to a cloud storage system and/or external hard drive. This ensures you always have access to what you need and gives you the option to remotely erase your devices if they are stolen.
  • Always lock your dorm room when you leave, even if you only plan to be gone for a few minutes.
  • Invest in a laptop cable lock. Use it in public spaces to help keep your laptop secure.
  • Never store your laptop in a car, even if it's kept out of sight.
  • Register your laptop and phone with the campus security office. The brand, model, and serial number is attached to your name, student ID, and contact information. You might also receive a registration sticker to put on your device, which can act as a deterrent for would-be thieves.
  • Enable your devices' built-in tracking features, such as Apple's "Find My" app, or download a comparable program like Prey or Absolute.
  • Regularly backup your devices and files to a cloud storage system and/or external hard drive. This ensures you always have access to what you need and gives you the option to remotely erase your devices if they are stolen.

When You Pick Up An Infected Device On Campus

In 2016, researchers at Google, the University of Michigan, and the University of Illinois at Urbana-Champaign teamed up to conduct a study on the habits of college students discovering "lost" USB drives. The researchers scattered 300 drives across the UIUC campus and measured how many were retrieved. At least 45% ended up connected to computers, with one drive plugged in just six minutes after being dropped. This is a problem because USB drives may contain malicious software. The 2010 Stuxnet worm, widely recognized as the world's first digital weapon, was spread via USB devices. In 2016, a unique USB-based malware was discovered that could install itself and steal user data without detection.
  • Distrust any device you find on campus, whether a USB drive, laptop, or cell phone.
  • Do not plug any unknown devices into your computer in an attempt to identify the owner. Take them to your school's lost and found or IT department.
  • To mitigate risk of infection, avoid sharing USB drives with others, and be cautious when plugging them into public computers. Use security software to scan any device given to you, even by a trusted friend.
  • Distrust any device you find on campus, whether a USB drive, laptop, or cell phone.
  • Do not plug any unknown devices into your computer in an attempt to identify the owner. Take them to your school's lost and found or IT department.
  • To mitigate risk of infection, avoid sharing USB drives with others, and be cautious when plugging them into public computers. Use security software to scan any device given to you, even by a trusted friend.

When You Use A Communal Workstation

Ten percent of college students in the U.S. — approximately 2 million individuals — don't have access to their own laptops for school use. These students must rely on computer labs, library desktops, and other communal workstations to complete assignments. Even students who own their own devices often rely on campus computers to stay connected, complete research, or do homework in a designated quiet area. Schools offer well-protected networks to keep students safe from some threats, but communal workstations are not entirely without risk. They may expose you to malicious software, infected files, malware, or keyloggers.
  • When possible, avoid logging into websites when using public computers. If you do need to login, don't forget to logout before you leave.
  • Never use a public computer to complete a financial transaction, download software, or visit sketchy websites.
  • Use private browsing options or clear your browsing data before logging off.
  • Be aware of your surroundings. Shoulder surfers may try to snag usernames, passwords, and other sensitive information.
  • When possible, avoid logging into websites when using public computers. If you do need to login, don't forget to logout before you leave.
  • Never use a public computer to complete a financial transaction, download software, or visit sketchy websites.
  • Use private browsing options or clear your browsing data before logging off.
  • Be aware of your surroundings. Shoulder surfers may try to snag usernames, passwords, and other sensitive information.

Travel and Off-Campus Data Security Threats

College campuses come equipped with well-protected Wi-Fi networks to keep your data safe, but when you travel off campus for vacation, academic field trips, or a weekend study session at the local Starbucks, take extra precautions. Hackers and other cyber criminals love taking advantage of public locations because they typically provide lax cybersecurity protections, a wealth of unsuspecting victims, and relative anonymity.

Most of us are traveling considerably less in the face of COVID-19, but it's never a bad idea to brush up on your cybersecurity awareness.

When You're Hacked Via Free Wi-Fi

We rely on the internet for countless personal and professional tasks. Businesses and other public places know this, and they often use it to their advantage, offering Wi-Fi connections to attract customers and keep them happy. You can access free Wi-Fi connections in nearly every fast food restaurant, roadside hotel, and airport terminal. Nearly half of working adults in the U.S. trust these public Wi-Fi networks to keep their information secure. Unfortunately, convenient connections can hide countless dangers. With free and inexpensive software, cyber criminals can easily snoop on public internet connections, intercept communications, and steal user data.
  • Know when and where you're connecting by disabling your devices' ability to automatically connect to nearby Wi-Fi.
  • Verify the legitimacy of a network before you connect. Hackers may set up their own Wi-Fi connections near trusted businesses in an attempt to trick unsuspecting users into logging on.
  • Avoid using public Wi-Fi to shop online, access financial information, or visit sensitive websites. Enable two-factor authentication to protect your social media and email accounts.
  • Use a free or paid virtual private network (VPN) service to encrypt your data.
  • The best way to avoid the pitfalls of public Wi-Fi is to simply avoid using it. Consider an unlimited data plan or your own portable travel router.
  • Know when and where you're connecting by disabling your devices' ability to automatically connect to nearby Wi-Fi.
  • Verify the legitimacy of a network before you connect. Hackers may set up their own Wi-Fi connections near trusted businesses in an attempt to trick unsuspecting users into logging on.
  • Avoid using public Wi-Fi to shop online, access financial information, or visit sensitive websites. Enable two-factor authentication to protect your social media and email accounts.
  • Use a free or paid virtual private network (VPN) service to encrypt your data.
  • The best way to avoid the pitfalls of public Wi-Fi is to simply avoid using it. Consider an unlimited data plan or your own portable travel router.

When Your Money Is Stolen By An ATM Skimmer

According to the ATM Industry Association, 86% of surveyed ATM operators reported experiencing ATM data fraud in 2019. Skimming was the most common type of ATM fraud reported, followed by PIN compromise, transaction reversal fraud, and cash trapping. Worryingly, 91% of respondents also said that ATM skimming devices were getting smaller, making them harder to detect. To engage in ATM skimming, criminals use electronic devices disguised to look like part of the machine. When customers use a hacked ATM, the skimmer records card details, and a hidden camera or false keypad records PIN numbers. One of the fastest-growing crimes in the financial industry, ATM skimming costs consumers and institutions a staggering $8 billion each year.
  • Before use, check an ATM for any unusual added devices.
  • If you have trouble inserting your card, this may be a sign of an internal skimmer. Do not use the machine.
  • Always cover an ATM's keypad with your hand when entering your PIN. Be alert for shoulder surfers standing too close.
  • Write down your bank's customer service phone number and keep it on hand. If you lose your card or think your information has been compromised, call the number to freeze your accounts.
  • Before use, check an ATM for any unusual added devices.
  • If you have trouble inserting your card, this may be a sign of an internal skimmer. Do not use the machine.
  • Always cover an ATM's keypad with your hand when entering your PIN. Be alert for shoulder surfers standing too close.
  • Write down your bank's customer service phone number and keep it on hand. If you lose your card or think your information has been compromised, call the number to freeze your accounts.
Learn More About Common Cybersecurity Threats

Internet Safety and Security Awareness Resources for Students

Cybersecurity Education

Internet Safety Groups and Resources

  • CiviliNation is a nonprofit working to fight online harassment, character assassination, and violence. The organization believes in defending free speech and fostering an online culture in which individuals can fully engage and contribute without being targeted by abuse, harassment, or lies. Their website offers an extensive library of informative content and a resource center.
  • The National Cybersecurity Alliance aims to empower a more secure, interconnected world through education and amplification of cybersecurity awareness. NCSA's website offers resources for online safety, identity theft, account and device security, and privacy management. The site also refers visitors to more than a dozen free security checkups and tools.
  • Stop. Think. Connect. is a global online safety awareness campaign led by NCSA, the Anti-Phishing Working Group, and the U.S. Department of Homeland Security. The campaign's site offers helpful basic safety advice. Users can also access targeted cybersecurity tip sheets, including considerations for LGBTQ online safety, digital wedding planning, and online holiday shopping.

Advocacy and Support Groups for Online Victims

  • The Cyber Civil Rights Initiative is a nonprofit organization advocating for technological, social, and legal innovation in the fight against online abuse. CCRI primarily focuses on nonconsensual pornography, offering victim support including a 24/7 crisis helpline and links to resources for reporting, removal, and legal assistance.
  • Without My Consent is a project headed by the CCRI that aims to empower individuals to understand and stand up for their online privacy rights. The site's extensive resources cover practical topics including evidence preservation, copyright registration, takedown notices, and emotional support.
  • FightCyberstalking.org provides online resources for victims of cyberstalking on sites like Twitter, Facebook, Instagram, and YouTube. Site users can access advice on reporting cyberstalking crimes, seeking emotional support, and enhancing privacy and security online.

Reporting a Cybersecurity Issue on Social Media or Email

Reporting a Cybersecurity Issue or Crime to the Government

  • The FBI Internet Crime Complaint Center (IC3) allows victims of Internet crime to file a complaint. The IC3 does not conduct its own investigations. Rather, it reviews submitted information and, when appropriate, forwards it on to federal, state, local, or international agencies with jurisdiction. The site also offers tips for Internet crime prevention.
  • IdentityTheft.gov is the federal government's one-stop resource for identity theft victims. The site offers extensive resources and tools to help you avoid, recognize, report, and recover from identity theft.
  • The IRS will never contact you by email, text, phone call, or social media to request personal or financial information like PIN numbers and passwords. If you receive unsolicited or suspicious contact from someone claiming to be from the IRS, report the incident with the Treasury Inspector General for Tax Administration and to phishing@irs.gov. Learn more about phishing on the IRS website.

Campus Resources

  • The experts at your school's office of information technology services can help you recover data from a hacked device, provide free security software such as VPNs and antivirus programs, and offer tips and tutorials for cybersecurity awareness and internet safety. Online students may not be able to visit the technology services office in person, but nearly every school offers some level of remote tech support. Always report issues, like phishing emails sent to your school email, to this office.
  • Campus police and campus safety departments are in place to protect students, staff, and campus facilities. If you become a victim of cyberbullying, online harassment, or stalking, it's important to file a report with school police. Make sure to supply documentation as evidence, including screenshots, emails, or text messages. Campus safety officers will respond to your allegations and provide you with tips to protect your digital and physical safety.
  • If you face online harassment or cyberbullying, it's important to reach out for emotional support. Student counseling services offer a variety of basic services from trained and licensed mental health professionals. Students located on campus can take advantage of one-on-one counseling or group counseling. Many schools also offer online and phone counseling options for students who can't come to campus.
  • Specifically designed to serve remote learners, your school's online student services department can direct you to the resources you need while attending college away from campus. If you aren't sure where to turn for help, these caring staff members are a great first place to go.

Frequently Asked Questions

How can students protect themselves online?

College students can protect themselves online by understanding internet safety trends, keeping their devices' software up-to-date, and limiting risky behaviors like oversharing personal information, downloading software from unverified sources, or visiting illegal sites.

What is digital safety?

Digital safety is an alternative term for internet safety. It encompasses both cybersecurity awareness and putting that knowledge into action to reduce risks to private information, property, and personal well-being.

How can you be safe on social media?

To stay safe on social media, college students should frequently evaluate their privacy and security settings, avoid accepting friend requests from strangers, and carefully consider what they choose to reveal in status updates or photos.

What should you not do on the internet?

Never send sensitive information like passwords over public Wi-Fi. Avoid using the same password for your social media, school account, and online banking. Resist the temptation to download pirated content, which may carry malware and/or subject you to legal penalties.

Additional Reading

School Rankings

Useful Resources

Recommended Reading

Take the next step toward your future.

Discover programs you’re interested in and take charge of your education.