Online Safety For College Students

From back-to-school supplies to shoes and clothing to groceries, online shopping is big among students. But this convenience can come with risks if you're not careful:

• Never shop on open Wi-Fi networksOpen Wi-Fi networks make it easy for hackers to hijack credit card and other personal information. Before making a purchase, make sure you're connected to an encrypted, password-protected network.
• Make secure paymentsDon't make direct transfers to make a purchase. Also avoid using your debit card because it may be linked to other financial accounts and it could take weeks to get money back for fraudulent charges. Instead, use a credit card or, better yet, a secure payment site such as PayPal. Both offer fraud/purchase protection in case something goes wrong, and when using PayPal, sensitive financial information isn't sent to the seller.
• Watch out for fake storesIf you're shopping online at a store you've never shopped at before, review the seller's privacy policy, return policy and contact or about us page. If you can't find a physical address or contact information or if any information is questionable, don't purchase anything. You can also use�WHOIS.net�to verify the administrative contacts. Lastly, before entering payment details, make sure the site is secure. A secure site's URL will start with https:// (not https://). This means the information you enter into the site is encrypted.
• Be wary of online advertisementsFrom newsfeed ads on Facebook to display advertisements on The Huffington Post, we're barraged with online ads every day. Some of these advertisements are not legitimate even though they appear to be. Once clicked, users may be asked to fill in personal information that hackers and other malicious users can steal.

Students use email every day. Canavan recommends students develop good email habits and know how to spot potential problems. Phishing scams can be creative and sophisticated, and they're constantly evolving. Fraudulent emails often appear legitimate, as if they came from your university, a campus-related organization, your bank or even a friend's account.

• Check the subject lineBe wary of subject lines with a sense of urgency, says Siciliano. “Your account is about to be suspended” is a common subject line that gets users to click a link to a nefarious site.
• Don't click on linksBoth Siciliano and Canavan say students shouldn't click on links inside of emails, even if it's to “unsubscribe”. Hover your mouse over the link first. If the URL is different or questionable, assume it's a scam, says Siciliano. If it's your bank saying there's an issue, log in directly on the bank's site instead of clicking the link in the email.
• Check the sender's email addressSpammers can easily use a recognizable name such as your favorite brand or store in the “from” field. Before opening the message, hover over the name in your inbox to see the full email address. If it doesn't match up, send the email to your trash or flag it as spam.
• Use the phoneIf you receive an email from a bank, credit card company, Amazon, PayPal or your college that warns your account has been compromised, call the organization directly. “Do not call the number in the email,” says Canavan. “Instead, call the number on the back of your bank card or look up the information online.”
• Don't open attachmentsUnless you're positive the email and attachment are from someone you know and trust, don't open any attachments sent via email.

According to the�Pew Research Center, 88% of 18-29 year olds use Facebook, 59% use Instagram and 36% use Twitter. Social media is a top form of communication among students, but it can also be a gateway to scams, phishing and other online threats if you don't follow a few sensible guidelines.

• Don't share sensitive informationNever publish identifying information – home address, birth date, phone number, Social Security number, banking information, etc. – on your profile or when signing up for an account. It's also a good idea to avoid using personal information, including your full name, when choosing a username.
• Lock down the security settingsDon't rely on default security/privacy settings because they usually make everything public. You can limit who can see your information, find you through search, access your posts and pictures and more. Make sure to check these often too – features can change and affect your preferences or new security settings may be added.
• Verify requestsMalicious users can impersonate people you may or may not know and send requests to connect. Before accepting these requests, verify the sender's information to ensure they are someone you know or trust.
• Think twice before postingFrom comments to photos to tweets, everything you do and say online lives forever so think twice before posting something potentially harmful to yourself or others. What's acceptable? Siciliano suggests students imagine their social media accounts can be viewed only by future employers, future in-laws and gossipers before they post. Will your reputation remain intact after they scroll through your activity? If not, you might want to reconsider.

In-person meetups with someone you met online is common among teens and college students but sometimes things don't always go as planned. Whether trying to buy a couch on Craigslist or using a dating app, students need to play it safe.

• Meet in a public placeAlways meet someone for the first time in a public place like a coffee shop or restaurant.
• Tell a friendTell a friend or family member about the meeting as well as details about the person (name, phone number, photos and any other additional information you have).
• Don't get too personalWhen online dating, don't give out too much personal information until you really get to know the person.
• Be discreetWhether posting a for sale ad on Craiglist or creating a Match.com profile, don't use your full name and don't include any identifying information.
• Use a throwaway email addressWhen selling goods online or registering for a dating site, don't use your personal email address. Create a new one and only use it to communicate with those you don't know.
• Do your own researchDating sites don't run criminal background checks on users. Before agreeing to meet someone, do your own online research to learn more about the person and to determine whether it's safe to meet them. Review their social media accounts, see what public records are available and try a Google image search to verify profile photos.
• Don't respond to requests for moneyAny request for money, even from someone you've been chatting with for a while, is a red flag. Don't fall for sad or elaborate stories and always keep your financial information private. If someone asks you for money, report them to the dating or online service and cut off contact immediately.

Online job boards and postings are convenient ways to find that perfect summer job for a teenager or internship for a college junior. But online job hunting has its own cybersecurity risks that students should be aware of.

• Don't share personal informationAs mentioned before, don't share private information on your resume or on applications, such as your date of birth, bank account information or passport number.
• Watch out for phishing emailsEmployers or recruiters may send out emails claiming they've seen your resume on a job site, such as LinkedIn. Review those emails carefully before clicking on links or viewing attachments to ensure they don't take you to a fraudulent site or job posting.
• Watch out for fake job postingsDoes the job description guarantee a particular wage or salary? Are you required to pay for a credit or background check as part of the application process? These are just a couple warning signs that the job posting is a scam. Review the site domain, the employer and URL before submitting any information, and if anyone asks for personal information or if it sounds too good to be true, there's a good chance it's a scam.

Though not directly related to data theft, cyberbullying is a concern among teens and college students. According to�2015 research, 3.4 out of every 10 students reported being cyberbullied during their lifetime. Here are some tips for handling cyberbullies:

• Don't respondIt's easier said than done, but don't engage with cyberbullying threats or comments. Instead, ignore them and use your security settings to block the person.
• Save the evidenceIf blocking the person doesn't work and the bullying continues, take screenshots of harmful comments or posts and show them to someone who can help and intervene such as a parent, counselor, teacher or professor.

Read our�guide on cyberbullying�for more information and resources.

According to Siciliano, not all college campuses offer secure Wi-Fi networks, and even the latest antivirus, firewalls and anti-phishing software can't prevent all online attacks. “Never connect to unknown, unsecure (open) wireless networks,” advises Canavan. “Any data transmitted across an open network can be easily seen and stolen.” To stay protected, only use an encrypted network, such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) or WPA2 (Wi-Fi Protected Access II). These networks all require you to enter a password. But even if a network requires a password, other users can still potentially view sensitive information so be cautious. If you're connecting to an unknown network, your best bet is to use a reputable Virtual Private Network (VPN), which funnels your internet connection through an encrypted server.�Gizmodo�has a field guide on how to stay safe on public Wi-Fi for more details.

“While it's certainly convenient to not password protect your mobile phone, laptop and other devices, it's also an identity waiting to be stolen,” says Siciliano. He recommends college students put strong passwords on all their devices – and not share them with anyone. Your birthday or address may be easy to remember, but they aren't the strongest password options. The best passwords have at least 12 characters, and combine letters, numbers and special characters. “They're basically uncrackable at that length and complexity,” Canavan says. To help, there are programs available that generate complex passwords for you – and store them so you don't forget any. Examples include�Norton's Identity Safe Password Generator�and�LastPass.�PCMag�evaluated dozens of password managers and curated a list of the best options. Students should also avoid using the same password for multiple devices or accounts, and change them frequently – Siciliano recommends a time frame of at least every other month.

Sometimes even complex passwords aren't enough. Many sites and services offer two-step or multi-factor authentication to prevent hackers from accessing your accounts. Two-step authentication usually involves an extra step, such as entering your password and then a verification code that's sent to your mobile phone. These extra steps may sound like a hassle, but they make it more difficult for unauthorized users to get to your data.

Look for products that offer multilayered protection that goes beyond viruses, such as spam filtering or firewall protection.�Norton Antivirus Basic,�McAfee Antivrus Plus,�Bitdefender Antivirus Plus�and�Kaspersky Anti-Virus�are some of the top performing options available. Students can select a single subscription that allows them to install it across all their devices, regardless if they're using a Mac or Windows. Canavan notes, however, students also need to make sure these programs are always up-to-date. Siciliano adds that students should also keep their device firmware up-to-date and shut off non-essential devices when not in use.

Because there are numerous threats to a college student's online safety, Canavan says preparing for an attack is crucial. He recommends college students regularly back up their data, email accounts and other online systems, so they can recover their information if necessary.

According to Siciliano, many people think thieves will empty their bank accounts after stealing their identity or accessing their accounts. That's possible, but in most cases thieves avoid detection by withdrawing small amounts of money over a long period time. That means students need to keep a watchful eye on their statements. “By checking your credit card and bank statements monthly, you can catch any suspicious charges and report them to your bank immediately,” says Siciliano.

It can't be stressed enough and both Canavan and Siciliano strongly emphasize this recommendation – don't be quick to give out any personal information. Banks and student loan companies won't ask for personal information via email. Fraternities and sororities don't need your Social Security number for identification. If you do receive such a request, Canavan advises contacting the business or organization directly to verify what information they want and why it's necessary for them to have it. “It's our policy” isn't a good enough answer.

Not every precaution is high-tech. Both Canavan and Siciliano highly recommend students keep a close watch over their physical bank cards and PIN. Says Siciliano, “The PIN is the gateway to a bank account and thieves want it.” Students should cover the PIN pad when entering their code and never lend their card to someone else. And if you accidentally leave a card somewhere, call your bank immediately to put a temporary hold on it or cancel it all together (and request a new one). Some banks allow you to do this quickly and easily via their app.

Although dorm rooms are places where students can feel safe and secure, students should still be vigilant. Keep documents with personal information – such as bank statements, medical records and tax forms – in a secure, hidden location. Better yet, leave them at home with the parents.

It's easy to let mail pile up and eventually chuck it in the trash, but anything with personal identifying information, such as bank statements, credit card offers or drug prescriptions, should be shredded first. Separate the shredded material into multiple batches before recycling or placing in the trash.

Attackers target security weaknesses in browsers, plug-ins and extensions. To keep your data secure while browsing the internet make sure you're using the most up-to-date web browser, don't use autofill for sensitive or personal information, disable or clear cookies on a regular basis and don't download files or programs you don't recognize.

Although you may carry your smartphone or laptop with you on campus, you could still find yourself using a computer you don't own. Whether at a library workstation, in a friend's apartment or in a laboratory setting, when using a computer that isn't yours don't save any passwords, log out of all accounts, clear the browser history or browse incognito, and lock the computer if you need to step away.