Internet Safety and Cybersecurity Awareness for College Students

We increasingly rely on the internet and digital devices for daily tasks like communicating with each other, accessing financial services, and working and learning remotely.

In 2018, 92% of American households had at least one computer, smartphone, or tablet, and 85% had broadband internet, reported the U.S. Census Bureau. The percentage of Americans using the internet has risen from 52% in 2000 to 93% in 2021, according to the Pew Research Center.

The Covid-19 pandemic accelerated the trend of distance education in higher learning. In the fall of 2020, 75% of college students enrolled in at least one distance education course.

The extensive use of digital devices and sharing information online can open you up to various cybersecurity dangers. Understanding how to protect yourself from these dangers is crucial.

The best way to fight cybercrime is through awareness and prevention. Use the following statistics, stories, and tips to arm yourself on and off campus.

Why Cybersecurity Awareness Is Important

Cyberattacks are malicious attempts to breach computers and information systems.

Cybercriminals often seek to use others' digital data to benefit themselves. They use phishing scams and other social engineering techniques, malware, and ransomware to attack individuals and organizations.

The number of cyberattacks continues to rise each year with the addition of networked devices. Cybercriminals have also developed more sophisticated tactics to gain access to private information. Cybersecurity Ventures estimates that by 2025, cybercrime costs may cost the U.S. $10.5 trillion yearly.

The FBI Internet Crime Complaint Center (IC3) reported an increase in suspected internet crimes from 300,000 in 2019 to 791,790 in 2020, with losses exceeding $4.1 billion. The FBI IC3 report for 2021 reports a 7% increase from 2020, with losses exceeding $6.9 billion

Cyberattack victims can suffer financial, legal, and psychological consequences. Cybercriminals can steal personal information and damage reputations.

Although college students may think of themselves as tech-savvy digital natives, 2021 research by Atlas VPN found that millennials and Gen Z were the most likely age groups to fall for phishing emails.

Whether you are about to enter your first or final year of college, it's never too late to brush up on internet safety tips and increase your cybersecurity awareness.

Computer and Mobile Security Vulnerabilities

Cybercrime is on the rise worldwide, driven by increased devices, social media use, cloud storage, digital downloads, and mobile and online payments. Consumers' personal and financial data is everywhere, and hackers are getting smarter at retrieving it.

Computers and mobile devices are particularly vulnerable to malware, ransomware, and phishing attacks targeting social security numbers, credit card information, and bank account data.

The 2022 Cybersecurity Almanac reported that with nearly 5.3 billion mobile devices worldwide, security threats are on the rise, with mobile devices accounting for more than 60% of digital fraud.

It's more important than ever to take responsibility for the safety of your computer and mobile devices while in college.

When You Don’t Protect Your Computer and Mobile Phone

Today, hacking is not a question of "if" but "when." In 2021 alone, 1,043 schools faced ransomware attacks, reports Emsisoft. No matter how secure your university networks claim to be, you must take additional steps to protect your personal devices.

Malware, a type of software that gives unauthorized access to systems and devices, was a leading cyberattack method in 2022, according to a survey by UpCity.

To keep your tech safe from cyberattacks, experts recommend installing all software updates, arming yourself with cybersecurity tools like antivirus software, and regularly backing up your data. Remember that hackers don't discriminate. Never assume that hackers won't target your information.

Follow these steps to help protect your tech against cybercrime:

• Computer and smartphone software updates help patch security flaws and protect data. It's time to stop clicking "Remind Me Tomorrow" when your Mac asks to download and install updates. Better yet, turn on automatic updates for all operating systems, devices, and applications, especially your web browsers.
• Only download software directly from manufacturers and other trusted sources. Across the web, hackers use convincing fakes (urgent update alerts, download pages, etc.) to spread malware and ransomware to unsuspecting users.
• Invest in strong, trusted virus and spyware protection, whether you own a Mac or PC. Scan your computer at least once a week.
• Backup your computer periodically to an external hard drive and/or cloud-based storage system in case you need to recover data and files after a cyberattack.
• When surfing the web, enable pop-up blocking and consider private browsing. Cookies can open security loopholes for hackers, so it's best to delete them periodically.
• Ensure valid SSL certificates on websites before entering any credit card or personal information (look for a lock next to the website URL).
• Closely monitor your credit rating, credit cards, and bank accounts. Set up text notifications that alert you to possible fraudulent activity.

When You Visit Unsecure or Torrent Websites

While browsing, you might have noticed that some website addresses begin "HTTP," while others start with "HTTPS." That single letter makes a huge difference. HTTPS websites use a Secure Sockets Layer (SSL) connection that encrypts user communications and data, making them more secure for users.

Another way to determine if you are visiting a secure website is to look for the lock icon in your browser window. Unsecure HTTP sites enable hackers to view transferred information, including login credentials, in plain text format.

Torrent websites like The Pirate Bay host massive digital content repositories, including movies, music, video games, and software. Anyone can access this content at no cost, but torrenting is not risk-free. Dangers include infection from malware, penalties from your internet service provider, and legal settlements from copyright holders.

• Do not visit an unsecure website if you can avoid it. If you must visit one, do not enter any sensitive information.
• Today's phishing scams use sophisticated replicas of login pages. Before accessing your school email, online learning platform, or bank account, make sure the web address is correct. Never submit sensitive information like usernames, passwords, or credit card numbers through an HTTP website. For example, phishers frequently make fake sites that look like the official PayPal website to get access to users' credentials.
• Remember that your online activities can put other students at risk. Cyberattacks that originate on your computer can spread to other devices — even throughout the entire university system.
• Think before you click. You can infect your computer just by clicking on an email link. Type the website into your browser instead of clicking on an embedded link.
• Keep your browser, browser extensions, and operating system updated to reduce your risk of being hacked when visiting an unsecure website.

When You Discard or Sell Old Devices Without Wiping Them Clean

If you get rid of or lose your smartphone or computer without wiping your data, the new owner may be able to access your contacts, texts, social media accounts, and photos. In the hands of a bad actor, the consequences can be very harmful, potentially leading to identity theft.

Whether you plan to throw away, resell, recycle, or trade in your old computer or phone, you must take steps to permanently erase your data and ensure it's inaccessible.

• Factory-reset your device. If applicable, start by transferring your information to your new device. Then, remove your personal information from the old device. Erase your iPad or iPhone.
• Consider downloading antitheft apps or software to help overwrite your data. On a Mac, the built-in Disk Utility app can wipe and overwrite a drive.
• Remove or erase your old phone's SIM and micro SD cards.
• Instead of reselling on eBay or Facebook Marketplace, consider recycling your old devices directly with the manufacturer. You may even earn credit toward a new replacement.
• Avoid taking or storing private photos you would not want other people to see on your devices. No matter how secure you think your files are, someone may still gain access to them.

Phishing Attacks

Phishing is a hacking method in which fraudulent emails, websites, texts ("smishing"), and other forms of electronic communication obtain sensitive information like usernames, passwords, and credit card details. The FBI Internet Crime Complaint Center (IC3) reported phishing was the most common cybercrime in 2021, with 323,972 victims that year and over $44 million in losses.

Young people often start handling their own finances for the first time in college, taking on the responsibilities of credit cards, loans, and bank accounts. This abundance of sensitive data, combined with inexperience, makes college students an ideal target for phishing attacks. Cybersecurity awareness is the best way to keep yourself safe.

When You Follow a Fake Link or Reply to a Fake Email

Phishing emails are a tried-and-true method for hackers to obtain personal or private information. In 2021, phishers targeted U.S. universities by sending emails that tricked recipients into submitting their Microsoft Office 365 credentials on a fake online portal.

More recently, since the Biden administration opened the application for student loan forgiveness, college students have been the target of student loan debt relief phishing scams.

These emails claim to be able to put applicants in the front of the line and then ask for payment or personal details like your credit card information or bank account number.

Phishing emails typically appear to come from trusted senders and request that you verify banking details, login credentials, or credit card information. These emails may feature the same layout, color scheme, and language of the real entity, and may link to a site specifically designed to spoof the real thing.

Recognize and avoid phishers with the following tips:

• It's a good rule of thumb to distrust every piece of email that lands in your inbox. Double check the email address of the sender for phishing giveaways like a wrong domain or contain misspellings.
• Phishing emails often create a false sense of urgency, hoping recipients will ignore the warning signs and engage without thinking. Watch out for emotional messages concerning account suspension, money owed, or limited-time offers.
• These days, most legitimate emails address recipients by name. Be suspicious of impersonal, generic greetings, like "Dear user," or "Dear valued customer."
• If the email includes a link, study the URL carefully. Look for that secure "HTTPS." Rather than clicking the embedded email link, which can immediately give hackers information, independently type the address into your browser to see where it takes you.
• Make it more difficult for phishers to get into your account by setting up multi-factor authentication.

When You Open an Infected Attachment

Fake emails with infected attachments are a common phishing scam. In some cases, these attachments may be perfectly harmless, but many contain malware and other nasty features, activated with just a click. Using these tools, phishers can steal sensitive information, demand a ransom for the safe return of your data, or even remotely take over your device.

For example, a 2022 phishing scam targeting Microsoft Windows users tricked email recipients into downloading a Microsoft Excel attachment that delivers three types of malware. Students received several such emails a week, often with suspicious attachments that they should be careful not to open.

Millions of people received an email containing dangerous coronavirus malware in 2020, including 10% of all organizations in Italy. The email got people to inadvertently install a trojan downloader that allowed hackers to steal their private data and spy on them.

Review these tips before opening an email attachment:

• Treat email attachments with care. Never open one unless you can verify the sender and are expecting the attachment in question. Remember that even trusted email addresses can inadvertently send infected attachments if they've been compromised.
• Avoid downloading and installing software sent to you via email. Instead, visit the manufacturer's site for a download.
• Verify anything unusual. Double check with the sender before opening an attachment.
• If an email seems "off" to you, do a quick Google search to see if similar phishing scams have been reported.
• If you think you opened a harmful attachment, try updating your computer's security software, running a scan, and removing anything it identifies as a security issue.

When You Answer a Suspicious Phone Call

College students love texting and social media, but sometimes we still need to pick up the phone for an old-fashioned call. Phone scams are a popular tactic of phishers looking for financial information, largely because they are proven to work.

For example, robocalls cost Americans over $29 billion in 2021, according to Connecticut Attorney General, William Tong. In 2022, an international master's student in Canada lost nearly $11,000 to phone scammers who falsely threatened her with deportation for supposed criminal activity, reports CBC.

Recently, major mobile carriers, including T-Mobile, AT&T, and Sprint introduced scam protection features to help fight phishing calls.

You can see this in action when your caller ID labels an incoming number as "scam likely" or "potential fraud." This screening feature checks callers against a database of reported scam numbers.

Unfortunately, some phishing calls still slip through. Watch out for scams related to scholarships and financial aid, employment, and student loan debt relief.

Protect yourself from suspicious calls with these tips:

• Distrust unusual callers, especially those who use an "unknown number" ID. Let your voicemail take care of things. Remember that caller IDs can also be spoofed.
• Never give out your personal or financial data to someone who calls you. Legitimate university offices will not insist on wire transfers, payment by gift card, or immediate payments over the phone. Government agencies like the IRS never cold call citizens.
• If a suspicious caller claims to represent your university, hang up and call the school directly to confirm and follow up.
• If you get a call accusing you of a crime and demanding money, hang up. Call the official number for the organization the caller says they represent to find out if the call is legitimate.
• If you think you may be the victim of a phone scam, contact your local police to report it immediately.

When You Follow a Malware Link in a Text

Many phishing attempts depend on tricking the recipient into providing sensitive information. But, more malicious phishing texts can contain links to malwareDouble-check your activity, data, and files without your knowledge.

According to a RoboKiller report, over 58 billion spam text messages led to a loss of $10 billion for Americans in 2021.

In recent years, hackers have targeted both Apple and Android devices. Once discovered, manufacturers quickly develop software patches that address vulnerabilities and close security loopholes.

To protect your device from malware:

• Avoid clicking on links in text messages. Be suspicious of shortened URLs like bit.ly addresses, which hackers may use to hide a link's true destination.
• Do not reply to suspicious texts from companies about your account. Verify the company's phone number before calling them, as spam text messages will often provide a fraudulent phone number.
• Keep your phone's software updated to address any security vulnerabilities. Turn on automatic updates when possible.
• If you suspect your device is infected with malware, report the issue to the manufacturer. Forward suspected spam messages to 7726 — a spam reporting service recommended by the Federal Trade Commission (FTC).

Campus Thefts and Scams

If you attend a traditional on-campus academic program, you need to consider more than just basic internet safety. There are other cybersecurity risks to consider when living, working, and studying on a busy college campus. This includes the physical security of your digital devices, the risks of using public computers, and the potential to get hacked on campus.

When You Don’t Secure Your Laptop or Cellphone

It takes only seconds for a thief to swipe your smartphone, tablet, or laptop while you take a bathroom break or grab a coffee.

Losing your device could mean losing access to items stored on that device. You would also need to protect your personal information, report the crime to campus police, and spend hundreds of dollars on a replacement. College is hard enough without those hassles.

Follow these tips to keep your devices safe:

• Never leave your laptop or other devices unattended in a public place or in your car (even if it's out of sight).
• Always lock your dorm room or apartment when you leave, even if you only plan to be gone for a few minutes.
• Invest in a laptop cable lock. Use it in public spaces to help keep your laptop secure.
• Register your laptop and phone with the campus security office. The brand, model, and serial number are attached to your name, student ID, and contact information. You might also receive a registration sticker on your device, which can act as a deterrent for thieves.
• Enable your devices' built-in tracking features, such as Apple's "Find My" app, or download a comparable program like Prey or Absolute.
• Regularly backup your devices and files to a cloud storage system and/or external hard drive. This ensures you always have access to what you need and allows you to remotely erase your devices if stolen.
• Do not leave sensitive information on your laptop, like credit card numbers or passwords.

When You Pick Up an Infected Device on Campus

Do not plug in unknown USBs, laptops, or cell phones into your personal devices.

Although some students now store most of their work in the cloud, USB devices are still popular places to save projects and assignments. USBs can contain malware, so putting one into your laptop could have serious consequences.

• Distrust any device you find on campus, whether a USB drive, laptop, or cell phone.
• Do not plug any unknown devices into your computer in an attempt to identify the owner. Take them to your school's lost and found center or IT department.
• To avoid the risk of infecting devices, avoid sharing USB drives with others, and be cautious when plugging them into public computers. Use security software to scan any device given to you even by a trusted friend.

When You Use a Communal Workstation

According to a 2018 EDUCAUSE survey, about 9% of college students did not have access to a laptop. These students sometimes use their smartphones for school but rely on computer labs, library desktops, and other communal workstations to complete assignments.

Even students who own their own devices may rely on campus computers to stay connected, complete research, or do homework in a designated quiet area.

When the COVID-19 pandemic shifted most learning online, the option to work in a computer lab disappeared. In response, many universities began giving or loaning laptops to their students to increase equitable access to devices. Still, a personal laptop is not a guarantee at every school.

Schools offer protected networks to keep students safe from some cyberthreats, but communal workstations are not entirely without risk. They may expose you to malicious software, infected files, malware, or keyloggers.

• When possible, avoid logging into websites when using public computers. If you need to log in, don't forget to log out before leaving.
• Never use a public computer to complete a financial transaction, download software, or visit sketchy websites.
• Use private browsing options or clear your browsing data before logging off.
• Be aware of your surroundings. Shoulder surfers may try to snag usernames, passwords, and other sensitive information.

Internet Safety and Cybersecurity Resources for Students

The cybersecurity resources below can help you get a handle on internet safety while in school.

Internet Safety Groups and Resources

• The Federal Trade Commission's Online Privacy and Security website explains how to protect your devices and avoid online scams. Resources include explainers on protecting your computer from malware, what to know about romance scams, and how to secure your voice assistant.
• The National Cybersecurity Alliance aims to empower a more secure, interconnected world through education and amplification of cybersecurity awareness. NCSA's website offers resources for online safety, identity theft, account and device security, and privacy management. The site also refers visitors to more than a dozen free security checkups and tools.
• Stop. Think. Connect. is a global online safety awareness campaign led by NCSA, the Anti-Phishing Working Group, and the U.S. Department of Homeland Security. The campaign's site offers helpful basic safety advice. Users can also access targeted cybersecurity tips, including considerations for LGBTQ online safety, digital wedding planning, and online holiday shopping.

Advocacy and Support Groups for Online Victims

• The Cyber Civil Rights Initiative (CCRI) is a nonprofit organization advocating for technological, social, and legal innovation in the fight against online abuse. CCRI primarily focuses on nonconsensual pornography, offering a 24/7 crisis helpline and links to resources for reporting, removal, and legal assistance.
• Without My Consent is a project headed by the CCRI to empower individuals to understand and stand up for their online privacy rights. The site's extensive resources cover practical topics, including evidence preservation, copyright registration, takedown notices, and emotional support.
• The Cybercrime Support Network is a nonprofit group that helps individuals and small businesses impacted by cybercrime. The organization also runs ScamSpotter.org, a website with information to help people avoid internet scams.

Reporting a Cybersecurity Issue on Social Media or Email

• Facebook, Instagram, Snapchat, Twitter, and YouTube offer resources and reporting tools for hacked accounts and community guidelines violations, including abusive behavior, inappropriate content, account impersonation, and spam.
• Gmail Help provides dozens of articles on account safety and security guidelines. You can also access tools to report phishing emails and other violations of Gmail's policies.
• Learn how to keep your Microsoft email account safe and secure. Get instructions on what to do to recover a hacked account.

Reporting a Cybersecurity Issue or Crime to the Government

• The FBI Internet Crime Complaint Center (IC3) allows victims of internet crime to file a complaint. The IC3 does not conduct its own investigations. Rather, it reviews submitted information and, when appropriate, forwards it to federal, state, local, or international agencies with jurisdiction. The site also offers tips for internet crime prevention.
• IdentityTheft.gov is the federal government's one-stop resource for identity theft victims. The site offers extensive resources and tools to help you avoid, recognize, report, and recover from identity theft.
• The IRS will never contact you by email, text, phone call, or social media to request personal or financial information like PINs and passwords. If you receive unsolicited or suspicious contact from someone claiming to be from the IRS, report the incident to the Treasury Inspector General for Tax Administration and phishing@irs.gov. Learn more about phishing on the IRS website.

Campus Resources

• Your school's information technology office can help you recover data from a hacked device, provide free security software such as VPNs and antivirus programs, and offer tips and tutorials for cybersecurity awareness and internet safety. Online students may not be able to visit the technology services office in person, but nearly every school offers some level of remote tech support. Always report issues, like phishing emails sent to your school email, to this office.
• Campus police and campus safety departments are in place to protect students, staff, and campus facilities. If you become a victim of cyberbullying, online harassment, or stalking, file a report with campus police. Make sure to supply documentation as evidence, including screenshots, emails, or text messages. Campus safety officers will respond to your allegations and provide tips to protect your digital and physical safety.
• If you face online harassment or cyberbullying, it's important to reach out for emotional support. Student counseling services offer basic services from trained and licensed mental health professionals. Students located on campus can take advantage of one-on-one counseling or group counseling. Many schools also offer online and phone counseling options for students who can't come to campus.
• Your school's online student services department can direct you to the right resources if you're an online student.

Additional Resources

Cybersecurity Resources for Professionals and Students

Learn More

Cybersecurity Resources for Underrepresented Populations

Learn More

Internet Safety Tips While Working From Home

Learn More

Cybersecurity Resources on CyberDegrees.org

Learn More

FAQ About Internet Awareness and Cybersecurity for Students