Online Safety For College Students

By Staff Writers

Published on July 27, 2021

Online Safety For College Students is an advertising-supported site. Featured or trusted partner programs and all school search, finder, or match results are for schools that compensate us. This compensation does not influence our school rankings, resource guides, or other editorially-independent information published on this site.

Are you ready to find your fit?

Identity Theft Protection

Teenagers and college students are more digitally connected than ever before. Approximately 73% of all 13- to 17-year olds have smartphones, 87% of American teenagers have access to a computer and 72% of them use social media. This constant connection makes online safety a major concern for students, and their parents and teachers – research shows 55% of Americans ages 18 to 29 have experienced at least one type of data theft. Whether you're a concerned parent, a teacher or a student yourself, get information on the best ways to keep personal information and identity safe online.

Test Your Cybersecurity Knowledge

Think you know all about cybersecurity and how to protect yourself online? Put your knowledge to the test with this quiz from the Pew Research Center:

How much do you know about cybersecurity?

Why College Students Are Prime Targets

Whether it's fraudulent credit card charges, compromised accounts or a new line of credit, data theft is a growing problem in this increasingly technological world, and college students are a particularly vulnerable group.

According to online security expert Peter Canavan, college students tend to be naïve and uninformed about how identity theft occurs – and what the consequences are. That lack of understanding makes them exceptionally vulnerable to the barrage of personal information requests that occur on college campuses, from credit card promos to entering sensitive information on public computers at the library. But that's not the only reason students are prime targets. Other reasons include:

Students don't fully understand online threats

Cyber threats are increasingly complex and evolve quickly, making it difficult for anyone to fully understand how to avoid them. Canavan notes most students are undereducated about online threats so they don't have effective ways to counter potential attacks.

They have lax cybersecurity standards

Even though many Americans say they're worried about data theft, Pew Research Center reports most don't follow cybersecurity best practices. Personal identity expert Robert Siciliano agrees, saying students tend to use the same password on every device and account. While that makes it easier for the student to remember logins, it also makes it easier for identity thieves to hack. Students can be sloppy with paper documents, too. The Department of Education notes that approximately half of college students receive a credit card application at least once a week. Instead of shredding pre-filled-out applications, many students toss them in the trash, making them easily recoverable by thieves.

They aren't financially conscientious

Aside from checking to see if they've got cash in their wallets, most students don't regularly review their finances, whether it's their student loan information or their checking account balance. That means fraudulent charges and identity theft can go unchecked.

They have clean credit reports

Few college students have bought a car or house, so they haven't had a chance to establish credit – or let their scores go south. Their good track record makes credit approvals a breeze which is ideal for identity thieves. For students who haven't tried to apply for credit, the problem can go undetected for years.

They live close to others

The dorm is a hive of activity, with students constantly coming and going. When you're excited about meeting new people and settling into a new environment, protecting yourself from data theft is the last thing on your mind. As a result, students tend to leave devices unsecured, online accounts open in browsers or mail lying around – but that all opens the door to data theft.

They use multiple devices

Teens and college students are connected at all times, across numerous devices and networks, which can compromise their online security. On top of that, students usually don't check if they are using a secure network especially when in search of free Wi-Fi, making it easier for their information to be stolen.

They love social media

College students typically have a large presence on social media, says Siciliano. They report on their day-to-day activities, they check-in everywhere and tag locations, and may post personal identifying information publicly. This activity makes it easy for hackers to grab all kinds of sensitive information.

Common Online Risks

Teens and college students' typical online activities can leave them exposed to potential data breaches. Below are the most common online risks teens and young adults face, along with advice from Canavan and Siciliano on staying safe.


From back-to-school supplies to shoes and clothing to groceries, online shopping is big among students. But this convenience can come with risks if you're not careful:

  • Never shop on open Wi-Fi networksOpen Wi-Fi networks make it easy for hackers to hijack credit card and other personal information. Before making a purchase, make sure you're connected to an encrypted, password-protected network.
  • Make secure paymentsDon't make direct transfers to make a purchase. Also avoid using your debit card because it may be linked to other financial accounts and it could take weeks to get money back for fraudulent charges. Instead, use a credit card or, better yet, a secure payment site such as PayPal. Both offer fraud/purchase protection in case something goes wrong, and when using PayPal, sensitive financial information isn't sent to the seller.
  • Watch out for fake storesIf you're shopping online at a store you've never shopped at before, review the seller's privacy policy, return policy and contact or about us page. If you can't find a physical address or contact information or if any information is questionable, don't purchase anything. You can also useWHOIS.netto verify the administrative contacts. Lastly, before entering payment details, make sure the site is secure. A secure site's URL will start with https:// (not https://). This means the information you enter into the site is encrypted.
  • Be wary of online advertisementsFrom newsfeed ads on Facebook to display advertisements on The Huffington Post, we're barraged with online ads every day. Some of these advertisements are not legitimate even though they appear to be. Once clicked, users may be asked to fill in personal information that hackers and other malicious users can steal.


Students use email every day. Canavan recommends students develop good email habits and know how to spot potential problems. Phishing scams can be creative and sophisticated, and they're constantly evolving. Fraudulent emails often appear legitimate, as if they came from your university, a campus-related organization, your bank or even a friend's account.

  • Check the subject lineBe wary of subject lines with a sense of urgency, says Siciliano. “Your account is about to be suspended” is a common subject line that gets users to click a link to a nefarious site.
  • Don't click on linksBoth Siciliano and Canavan say students shouldn't click on links inside of emails, even if it's to “unsubscribe”. Hover your mouse over the link first. If the URL is different or questionable, assume it's a scam, says Siciliano. If it's your bank saying there's an issue, log in directly on the bank's site instead of clicking the link in the email.
  • Check the sender's email addressSpammers can easily use a recognizable name such as your favorite brand or store in the “from” field. Before opening the message, hover over the name in your inbox to see the full email address. If it doesn't match up, send the email to your trash or flag it as spam.
  • Use the phoneIf you receive an email from a bank, credit card company, Amazon, PayPal or your college that warns your account has been compromised, call the organization directly. “Do not call the number in the email,” says Canavan. “Instead, call the number on the back of your bank card or look up the information online.”
  • Don't open attachmentsUnless you're positive the email and attachment are from someone you know and trust, don't open any attachments sent via email.


According to thePew Research Center, 88% of 18-29 year olds use Facebook, 59% use Instagram and 36% use Twitter. Social media is a top form of communication among students, but it can also be a gateway to scams, phishing and other online threats if you don't follow a few sensible guidelines.

  • Don't share sensitive informationNever publish identifying information – home address, birth date, phone number, Social Security number, banking information, etc. – on your profile or when signing up for an account. It's also a good idea to avoid using personal information, including your full name, when choosing a username.
  • Lock down the security settingsDon't rely on default security/privacy settings because they usually make everything public. You can limit who can see your information, find you through search, access your posts and pictures and more. Make sure to check these often too – features can change and affect your preferences or new security settings may be added.
  • Verify requestsMalicious users can impersonate people you may or may not know and send requests to connect. Before accepting these requests, verify the sender's information to ensure they are someone you know or trust.
  • Think twice before postingFrom comments to photos to tweets, everything you do and say online lives forever so think twice before posting something potentially harmful to yourself or others. What's acceptable? Siciliano suggests students imagine their social media accounts can be viewed only by future employers, future in-laws and gossipers before they post. Will your reputation remain intact after they scroll through your activity? If not, you might want to reconsider.


In-person meetups with someone you met online is common among teens and college students but sometimes things don't always go as planned. Whether trying to buy a couch on Craigslist or using a dating app, students need to play it safe.

  • Meet in a public placeAlways meet someone for the first time in a public place like a coffee shop or restaurant.
  • Tell a friendTell a friend or family member about the meeting as well as details about the person (name, phone number, photos and any other additional information you have).
  • Don't get too personalWhen online dating, don't give out too much personal information until you really get to know the person.
  • Be discreetWhether posting a for sale ad on Craiglist or creating a profile, don't use your full name and don't include any identifying information.
  • Use a throwaway email addressWhen selling goods online or registering for a dating site, don't use your personal email address. Create a new one and only use it to communicate with those you don't know.
  • Do your own researchDating sites don't run criminal background checks on users. Before agreeing to meet someone, do your own online research to learn more about the person and to determine whether it's safe to meet them. Review their social media accounts, see what public records are available and try a Google image search to verify profile photos.
  • Don't respond to requests for moneyAny request for money, even from someone you've been chatting with for a while, is a red flag. Don't fall for sad or elaborate stories and always keep your financial information private. If someone asks you for money, report them to the dating or online service and cut off contact immediately.


Online job boards and postings are convenient ways to find that perfect summer job for a teenager or internship for a college junior. But online job hunting has its own cybersecurity risks that students should be aware of.

  • Don't share personal informationAs mentioned before, don't share private information on your resume or on applications, such as your date of birth, bank account information or passport number.
  • Watch out for phishing emailsEmployers or recruiters may send out emails claiming they've seen your resume on a job site, such as LinkedIn. Review those emails carefully before clicking on links or viewing attachments to ensure they don't take you to a fraudulent site or job posting.
  • Watch out for fake job postingsDoes the job description guarantee a particular wage or salary? Are you required to pay for a credit or background check as part of the application process? These are just a couple warning signs that the job posting is a scam. Review the site domain, the employer and URL before submitting any information, and if anyone asks for personal information or if it sounds too good to be true, there's a good chance it's a scam.


Though not directly related to data theft, cyberbullying is a concern among teens and college students. According to2015 research, 3.4 out of every 10 students reported being cyberbullied during their lifetime. Here are some tips for handling cyberbullies:

  • Don't respondIt's easier said than done, but don't engage with cyberbullying threats or comments. Instead, ignore them and use your security settings to block the person.
  • Save the evidenceIf blocking the person doesn't work and the bullying continues, take screenshots of harmful comments or posts and show them to someone who can help and intervene such as a parent, counselor, teacher or professor.

Read ourguide on cyberbullyingfor more information and resources.

12 Things You Can Do Now to Stay Safe Online

Whether on campus, in a computer lab, in a dorm room or studying at a café, college students should be proactive when it comes to protecting their information and identity online. Here are 12 general safety tips from our cybersecurity experts to help students protect themselves from online threats.

1. Don't use unknown, unsecure wireless networks

According to Siciliano, not all college campuses offer secure Wi-Fi networks, and even the latest antivirus, firewalls and anti-phishing software can't prevent all online attacks. “Never connect to unknown, unsecure (open) wireless networks,” advises Canavan. “Any data transmitted across an open network can be easily seen and stolen.” To stay protected, only use an encrypted network, such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) or WPA2 (Wi-Fi Protected Access II). These networks all require you to enter a password. But even if a network requires a password, other users can still potentially view sensitive information so be cautious. If you're connecting to an unknown network, your best bet is to use a reputable Virtual Private Network (VPN), which funnels your internet connection through an encrypted server.Gizmodohas a field guide on how to stay safe on public Wi-Fi for more details.

2. Use strong passwords on all devices

“While it's certainly convenient to not password protect your mobile phone, laptop and other devices, it's also an identity waiting to be stolen,” says Siciliano. He recommends college students put strong passwords on all their devices – and not share them with anyone. Your birthday or address may be easy to remember, but they aren't the strongest password options. The best passwords have at least 12 characters, and combine letters, numbers and special characters. “They're basically uncrackable at that length and complexity,” Canavan says. To help, there are programs available that generate complex passwords for you – and store them so you don't forget any. Examples includeNorton's Identity Safe Password GeneratorandLastPass.PCMagevaluated dozens of password managers and curated a list of the best options. Students should also avoid using the same password for multiple devices or accounts, and change them frequently – Siciliano recommends a time frame of at least every other month.

3. Use two-step authentication

Sometimes even complex passwords aren't enough. Many sites and services offer two-step or multi-factor authentication to prevent hackers from accessing your accounts. Two-step authentication usually involves an extra step, such as entering your password and then a verification code that's sent to your mobile phone. These extra steps may sound like a hassle, but they make it more difficult for unauthorized users to get to your data.

4. Use antivirus, anti-phishing and anti-malware software

Look for products that offer multilayered protection that goes beyond viruses, such as spam filtering or firewall protection.Norton Antivirus Basic,McAfee Antivrus Plus,Bitdefender Antivirus PlusandKaspersky Anti-Virusare some of the top performing options available. Students can select a single subscription that allows them to install it across all their devices, regardless if they're using a Mac or Windows. Canavan notes, however, students also need to make sure these programs are always up-to-date. Siciliano adds that students should also keep their device firmware up-to-date and shut off non-essential devices when not in use.

5. Back up your data and accounts regularly

Because there are numerous threats to a college student's online safety, Canavan says preparing for an attack is crucial. He recommends college students regularly back up their data, email accounts and other online systems, so they can recover their information if necessary.

6. Review your bank and credit card statements monthly

According to Siciliano, many people think thieves will empty their bank accounts after stealing their identity or accessing their accounts. That's possible, but in most cases thieves avoid detection by withdrawing small amounts of money over a long period time. That means students need to keep a watchful eye on their statements. “By checking your credit card and bank statements monthly, you can catch any suspicious charges and report them to your bank immediately,” says Siciliano.

7. Think twice before giving out personal information

It can't be stressed enough and both Canavan and Siciliano strongly emphasize this recommendation – don't be quick to give out any personal information. Banks and student loan companies won't ask for personal information via email. Fraternities and sororities don't need your Social Security number for identification. If you do receive such a request, Canavan advises contacting the business or organization directly to verify what information they want and why it's necessary for them to have it. “It's our policy” isn't a good enough answer.

8. Don't forget to protect your offline information too

Not every precaution is high-tech. Both Canavan and Siciliano highly recommend students keep a close watch over their physical bank cards and PIN. Says Siciliano, “The PIN is the gateway to a bank account and thieves want it.” Students should cover the PIN pad when entering their code and never lend their card to someone else. And if you accidentally leave a card somewhere, call your bank immediately to put a temporary hold on it or cancel it all together (and request a new one). Some banks allow you to do this quickly and easily via their app.

9. Keep personal documents in a safe place

Although dorm rooms are places where students can feel safe and secure, students should still be vigilant. Keep documents with personal information – such as bank statements, medical records and tax forms – in a secure, hidden location. Better yet, leave them at home with the parents.

10. Shred paperwork and documents

It's easy to let mail pile up and eventually chuck it in the trash, but anything with personal identifying information, such as bank statements, credit card offers or drug prescriptions, should be shredded first. Separate the shredded material into multiple batches before recycling or placing in the trash.

11. Be smart about internet browsing

Attackers target security weaknesses in browsers, plug-ins and extensions. To keep your data secure while browsing the internet make sure you're using the most up-to-date web browser, don't use autofill for sensitive or personal information, disable or clear cookies on a regular basis and don't download files or programs you don't recognize.

12. Be extra careful when using a computer that isn't yours

Although you may carry your smartphone or laptop with you on campus, you could still find yourself using a computer you don't own. Whether at a library workstation, in a friend's apartment or in a laboratory setting, when using a computer that isn't yours don't save any passwords, log out of all accounts, clear the browser history or browse incognito, and lock the computer if you need to step away.

What to Do if Your Identity's Been Stolen

Even when taking precautions, identity theft can still occur. If the worst-case scenario plays out, and you suspect your identity has been compromised, Canavan offers six steps to take immediately. He also notes the Federal Trade Commission has numerous resources for keeping your identity safe, as well as additional steps to take if your identity is stolen.

  1. Notify the institutionContact the institution (bank, credit card company, etc.) where the fraud occurred to report that your identity or personal information has been stolen. However, make sure you're the one to initiate the conversation – if you receive a call or email telling you your information has been stolen, don't give out personal information or click any links.
  2. Close or freeze your accountsEnsure that the compromised account is either frozen or closed immediately, and that any new accounts be flagged for possible fraudulent charges in the future.
  3. Change all your passwordsIf one account is accessed or your Social Security Number is stolen, you should change passwords for all your accounts (e.g. ATM PIN, bank login, credit card login, etc.), as well as the passwords for your devices.
  4. Place a freeze on your credit reportsContact each of the three major credit reporting agencies (ExperianTransUnion and Equifax) to notify them of the identity theft. They can place a fraud alert in your file that protects against future charges impacting your credit rating.
  5. Dispute unauthorized charges as soon as you notice themMonitor all your accounts (not just the one suspected of being stolen) for unauthorized activity. Dispute any entries on your credit reports that are a result of identity theft.
  6. Contact law enforcementNotify your local law enforcement office about the identity theft crime. Although they will let you know what specific information they require, as a first step be prepared to show proof of the theft (e.g. statements, bills, etc.), your identification and proof of address.

Viruses, Spyware & Malware

Cybercrime can take a multitude of forms, and keeping current with its many disguises is a tough job even for experts. Students can arm themselves with some basic knowledge, though – and even basic preventative steps are better than doing nothing at all. For starters, it's helpful for students to familiarize themselves with the range of malicious software programs designed to steal personal information. Here's a partial list of important terms to know:


Adware, typically in conjunction with spyware, launches advertisements on your web browser.


A flaw that exists in the source code of a device or program, and that can be exploited by outside parties.


A piece of software, or a hardwired device, that can record anything typed into a computer, including names, passwords, web addresses or other pieces of personal information.


An all-encompassing term for software that is installed on a personal device or computer and executes unknown or dangerous tasks, such as stealing passwords.


A type of software that can take control of a device or data. To regain access to the document or device, thieves demand a payment.


A type of software that allows outside users to remotely access and control a computer or device, allowing them to conduct malicious activities, such as steal information and make changes to software.


A type of hidden software that collects information on a device, including passwords, browsing habits and a computer's IP address.

Trojan horse

A type of malicious code hidden within a piece of standard software or application that can wreak havoc later when released.


A type of software that is self-replicating and can spread to other computers or network systems, attacking them by deleting files and installing adware.


A common type of malware that causes a range of issues across networks, such as limiting access or slowing down network bandwidth.

Keep up with the latest

Never miss a detail on the news, trends, and policies that could directly impact your educational path. is an advertising-supported site. Featured or trusted partner programs and all school search, finder, or match results are for schools that compensate us. This compensation does not influence our school rankings, resource guides, or other editorially-independent information published on this site.

Do this for you

Explore your possibilities- find schools with programs you’re interested in and clear a path for your future.