Scammers are sophisticated about stealing personal data, and to combat them, everyone needs to become more sophisticated.
Many college students, despite living in a generation that has grown up with this technology, still have a limited amount of information when it comes to protecting their personal information online.
The National Cybersecurity Alliance (NCA) says that backing up storage, keeping devices updated regularly, locking your laptop and phone if you walk away, cleaning up your digital footprint and remaining alert and aware are all good habits for college students.
Blind spots to one’s online safety could prove dangerous, especially in a space that is evolving rapidly.
Ronnie Scarpa, a cybersecurity major, said that using strong and unique passwords on top of multi-factor authentication for online accounts remains extremely important.
“One of the easiest ways to get your accounts compromised is by reusing your passwords,” said Scarpa. “It’s very bad, because once a website is compromised, the credentials used on that website are now public and now people can just use that same username or email or password on other websites.”
Scarpa recommends password managers such as Bitwarden for security.
“A password manager allows you to have a completely unique password for each website, and then the password manager keeps track of each individual password while you only need to remember one master password for all of them,” he said.
Tirthankar Ghosh, a cybersecurity professor, said, “You need to use multi-factor authentication on that master password, because if that master password is compromised, then all your passwords are compromised. The point is to keep everything in one place…How else would you remember 200 passwords? You should not be using the same passwords, especially not for banking or sensitive applications.”
In addition, multi-factor authentication is safer using app notifications. Since your text messages are all unencrypted, they could be intercepted by any third party.
Another misconception that exists is that Virtual Private Networks (VPNs), are necessary to encrypt your traffic at all times. While they can serve to hide IP addresses from your service provider, or defend you on public Wi-Fi if you visit an older unencrypted website, their uses are limited.
“The average person probably doesn’t need a VPN,” said Scarpa. “That whole idea that your traffic is unencrypted unless you use a VPN is a marketing tactic by the VPN companies. Most of your traffic is already encrypted and adding a VPN to add more encryption isn’t really making it more secure.”
But, if interested, Scarpa recommends the VPN Mullvad.
The surveillance company Flock’s role in license plate recognition, facial recognition and vehicle characteristics have been automated to know where you travel. In regards to privacy, international surveillance is just as prevalent as domestic mass surveillance. In 2024, the FBI urged telecommunication companies to boost network security following a large Chinese hacking campaign, giving officials in Beijing private access to an unknown amount of Americans text and phone conversations.
Kyle Markey, a student tech support coordinator, has been working in IT at the university for more than five years, and says a lot of people come into the office to ask questions, which he encourages. He talks to students about credit and debit card skimmers, which are placed over normal payment keypads in public to look like regular keypads without anyone knowing.
“There’s lots of scare tactics used now,” said Markey. “In general, scam emails may be easy to spot, a lot of them are full of things such as spelling mistakes, random colors and other red flags, but they’re starting to build up into websites. For instance, you might google HP support and click on a website that’s not HP. By putting in your information you actually download a virus.”
The emergence of artificial intelligence made the situation more complex in cybersecurity.
Even the most important information can be easily compromised, said Ghosh. He said that security locks in unfrozen credit reports can be compromised, information can be sold on the dark web, and new accounts opened using the names of unwitting people – all while tracking the perpetrators becomes more difficult.
Ghosh also said he does not worry about his Social Security or driver’s license number being stolen.
“It’s already stolen,” said Ghosh. “My Social Security is already compromised. So I think the idea is to accept that our confidential information is already compromised. It’s a risk management thing. The more you question, the more you know. If you question something that looks suspicious, you’re gonna learn about it. Be wary of everything.”
Information like this may seem overwhelming, but knowing and being informed remains important.
