With college students facing issues such as phishing or identity theft, some university and college security departments are incorporating different strategies in order to raise awareness of cybersecurity issues.
The number of individuals reporting identity theft in recent years has increased, and according to Consumer Reports, college students are more susceptible to identity theft than any other age group. Additionally, according to a report from the Federal Trade Commission, student loan identity theft increased in 2017 and 2018.
One of the common ways identity thieves accomplish their task is through email phishing schemes. Such schemes involve sending the target a fake email with the intention of attempting to convince the target to input personal information. However, college security and information technology organizations have begun to realize the dangers such issues pose to students — who often are not always aware of the dangers of identity theft.
“The younger generations are much more willing to freely give away their information,” said Joel Garmon, chief information security officer at the University of Pittsburgh. “At this point in their lives, they don’t feel they have the need to be guarding it, so they’ll sometimes hand out anything or everything. Their willingness to give out information — many times needlessly — is a big hurdle.”
Pittsburgh is using unique methods to raise awareness among students about phishing schemes and identity theft. Garmon said each Halloween, at the end of Cybersecurity Awareness month, the university puts on a haunted house that students can only gain access to if they attend various stations where they can participate in activities related to cybersecurity awareness. Such activities included information on secure password creation, identifying phishing schemes and privacy measures.
Garmon said one of the biggest concerns when raising awareness is that students coming out of high school are often less familiar with using email than expected, as younger students are more frequently using other methods of communication. Garmon said this leads to new students being more susceptible to phishing schemes.
“When we get a lot of freshman students in, they don’t know much about email,” Garmon said. “They aren’t familiar with the appropriate protocols all the time.”
Part of efforts to stem identity theft is simply informing students of threats in advance. Orlando Leon, chief information officer at Fresno State, said the university sends out notices in conjunction with the student government association warning students of potential cybersecurity threats. One recent threat has come in the form of a phishing scheme — a message to student employees from their supervisors appearing to offer an Apple iTunes gift card. Leon said in an email that Fresno State has also launched an information campaign.
“The division distributes fliers at key events involving students, especially incoming freshmen,” Leon said in an email. “The information focuses on how to minimize the threat of identity theft and provides key resources to contact in the event they become victims. Technology Services considers this to be more than a campaign, but a way of life given the enormity of recent cybersecurity threats worldwide.”
Ellen Keohane, chief information officer at the College of the Holy Cross, said Holy Cross has started using a method called “self-phishing” in order to help students identify potential phishing schemes. Self-phishing involves the university creating fake phishing schemes based on the templates of real ones and seeing if students fall for it, and informing them of how they can better identify schemes in the future. Keohane said it was first tried out on faculty and staff to protect university information, but that the college implemented it with students in order to help their awareness of cybersecurity.
“Students aren’t yet as concerned about their credit rating when they’re young,” Keohane said. “So it’s a little harder at the beginning to explain the benefits of these programs to them. In general young people are more trusting and don’t think about the security or privacy aspects of things.”
Keohane said after the self-phishing program was implemented on college employees, they saw a noticeable improvement in the number of employees who fell for the ruse, and the same can be said for the students. Keohane said the college is also implementing a two-step verification process for emails in order to help ensure security.
“We always tell students, who are so immersed in technology, to slow down,” Keohane said. “When you see an email, you want to click on it right away, but stop and consider the circumstances. The way all of us use technology is too quick, and that’s how you get in trouble and fall for phishing.”