5 Online Security Tips for Students

Professor teaching class of students with smartphones

Going to university or college, especially if you move away from the parental nest, can be one of the most exciting times in your life. The taste of freedom of setting up on your own, even if it is in a university residence, is amazing.

However, this new found freedom also opens up the potential for cybercriminals to scam students. Student scams are now almost part of university life. In many ways, students offer the perfect ‘phishing-ground’ for cybercriminals. Students are high tech users, who spend a lot of time on social media, and are mobile natives.

Generation Z or those born after 1995, are described as being “tethered” to their mobile devices and social media. Around 44 percent of Gen Z will check their social media profiles at least once an hour.

This intrinsic connection with technology by these digital natives has put them in the firing line of cybercrime.

Here are 5 cybersecurity problem areas with fix tips for the Gen Z student.

Tip #1 Don’t overshare personal things

A survey by Nationwide Bank in the UK looked at the social media practices of 16-25 year-olds. The output from the report is shocking reading. A full 83 percent in this age group know of peers who willingly gave away personal data on open social platforms. Oversharing on social platforms is known to encourage cybercrime. It allows cybercriminals to harvest data and aggregate it to allow the creation of fraudulent accounts.

Social media is a useful way to keep in touch with friends and family and arrange meetups. But don’t give the cybercriminal a leg up by giving out any data that can be seen as personal to you. This includes your birthdate, location, address even photos of your front door can help create fake profiles and accounts.

Tip #2 Be a “clean” student, don’t reuse passwords

Security awareness and hygiene is ‘Security 101’ in the curriculum. A report by SailPoint, which looked at cybersecurity habits, found that the Gen Z age group were a risky lot. The study found that 87 percent of Gen Z respondents reused passwords across different accounts. This practice puts your online footprint at great risk. Simply put, if a data breach results in one of your passwords being stolen, then multiple accounts are at risk. The practice of ‘credential stuffing’ uses the fact that people reuse passwords across multiple accounts. Hackers pair up known email addresses with stolen passwords and use automation scripts to try them out against website logins.

To see if your password has been in a recent data breach, check out Troy Hunt’s password breach checker. If your password has been exposed, change it immediately. And, always use a unique password for each account.

Tip #3 Keep your mobile secure

Going back to the earlier comment about students being tethered to their mobile devices, research backs up this claim. Around 95 percent of Gen Zers have a smartphone that they use for 5-hours a day or more. This natural home of the student is extended to using mobile banking. Gen Z folk like the interactive experience of modern disruptor banks too.

If you use a mobile device to bank your precious student funds, then you need to be aware of the risks. Mobile banking is under threat from Trojans. In 2018, mobile banking Trojans were at an all-time high. Trojans typically, replace your mobile bank app with a fake app screen. You then unwittingly login using this infected app which steals your login details, using them to then login into your bank. To avoid losing your student loan, make sure that you only install mobile apps from known sources, like official app stores.

Apart from that, be sure to secure your mobile internet connection using a VPN. This will ensure that your data is protected when using public wifi-networks. Also, never click on a link in a text message or email – this brings us onto our next tip on phishing. You can also use a cheap VPN like Planet VPN to improve your online safety.

Tip #4 Watch out for phishing

Phishing Fishhook with PasswordPhishing is the most successful tool in the cybercriminals arsenal, so using it to target students at university is no surprise. In 2018, Secureworks found a massive phishing campaign that spanned over 300 spoof sites with fake login for over 76 universities across Europe, USA, Turkey, Australia, and more. Because of the targeting of students, universities across the world are attempting to make their students aware of the prevalence of phishing scams targeting students.

Being aware of the tell-tale signs of phishing is a good place to start. Being security aware makes you less likely to fall for the phisher’s tricks. You should always avoid clicking links in an email. If in doubt, type the URL of the website you believe the email is from, i.e., the real brand, and then log in to your account from the real website. Also, do not open any attachments in an email unless you are absolutely sure of the source of the attachment.

Tip #5 Beware of online scams

The image of the poverty-stricken student isn’t too far-fetched. Most students live off loans and handouts from family. So, money is tight, and it is precious. This is why it is so easy for students to fall for money making scams. Tax refunds and other financial-based scams like the UK’s Student Loans Company (SLC) scam, trick students into handing over personal details, including login information.

Being security aware is important in a world that is filled with scams from all sorts of places. Scams often come in the form of an email, but scams are increasingly being found within social media posts and comments. This is something that students need to be very aware of as they tend to spend a lot of time on social media. Cash grab scams, which have been prevalent on Instagram are a typical example. In a recent probe into such scams, Sky News found that the under 25s were 6 times more likely to fall for Instagram money grab scams than those over 50 years of age.

Watch out for tell-tale signs of the scam. Often scammers will choose certain times of the year to target students. For example, the SLC scam was sent out during August and September knowing that students would be expecting an email from the SLC just before starting a new term.

Corporate IT security expert
Susan has been involved in the IT security sector since the early nineties, working across diverse sectors such as file encryption, digital rights management, digital signing, and online identity. Her mantra is that security is about human beings as much as it is about technology.