In interviews ahead of National Cyber Security Awareness Month, which runs through the end of October, cyber security experts—both here and abroad—said identity theft is a serious problem, which may require extra vigilance on college campuses. Identity theft can mean anything from users' online bank accounts being compromised to their E-mail accounts being hacked and used to mass-distribute spam.
"Universities are, by their nature, open, trusting environments. Nobody thinks that they will be subject to an attack, and that isn't just isolated to students," says Alan Woodward, a cyber security specialist and visiting professor at the University of Surrey in the United Kingdom. "Many academics fall for scams as well."
Students, who often over-share personal details on social media, are also targeted in phishing scams, where thieves impersonate legitimate companies, such as banks, in order to steal victims' login information and personal details. But Woodward and his colleagues have found that students just need some prompting to understand how to protect their identities. "By showing [students] specifics, they do tend to get it," Woodward says. "After all, they're not stupid, just inexperienced."
[Learn how to build your own free identity theft shield.]
To protect themselves, students shouldn't share login details with anyone and should refrain from posting private information—such as a full address, social security number, or date of birth—on social media, because thieves can use those to confirm identities, Woodward says. Students should also vary passwords between accounts, which shouldn't relate to their personal information, and avoid saving passwords or PIN numbers online or on their computers or phones, he adds.
"Laptops and phones get stolen all the time," Woodward says.
Even if students are vigilant, some threats are beyond their control, particularly if their colleges don't effectively protect their databases, warns Don Rebovich, a professor and the executive director of the Center for Identity Management and Information Protection at Utica College in upstate New York.
"Many colleges have strong security protection to keep out hackers, but some still have not kept up with new technology used by computer criminals," he says. "That is a serious vulnerability and puts students' identities at risk."
[Read about warnings signs of identity theft.]
Students can control other aspects of their digital lives, however. They should update the security protection on their computers and use firewalls, which protect computers from external attacks, Rebovich says.
"Many students get caught up in studying, homework, and social activities and leave computer security protection as a low priority," he says.
That's consistent with data that Travelers, an insurance company, gathered from decision makers at educational institutions in the United States—50 percent of whom cited theft in general as the "greatest hazard" on college campuses.
Students need to know that identity theft tends to occur in a "traditional" manner, such as a stolen wallet, rather than an online account being hacked, says Joe Reynolds, the product manager for identity fraud at Travelers.
[Learn how to safeguard your child's social security number.]
Students should properly discard mail, and only share credit card information (excluding the security code on the back of the card) over the phone with vendors they trust, he adds. Losing an ID or running up a tab at a bar, leaving a laptop or mobile phone unattended in the library, or living with or hosting an unreliable roommate or guest can also be red flags.
That's one reason that students should always keep their room or apartment door locked, even when they are home, says Ken Chaplin, the senior vice president of marketing at ProtectMyID. The website is affiliated with the international information services company, Experian.
"Most identity theft still occurs in mundane, nontechnical ways, like a wallet being stolen from a drawer or a purse taken from an unlocked room," he says.