(Credit: Zain bin Awais/PCMag Composite;Lemon_tm/BongkarnThanyakij/Philip Rozenski/Brothers91/via Get)
A long time ago, at a university not so far away, my biggest fear as an incoming college student was gaining the dreaded “freshman fifteen.” These days, students have a lot more important things to worry about, as scammers are targeting them in so-called “freshman fraud” schemes online.
“Universities have become trophy targets for cybercriminals,” said Marijus Briedis, chief technology officer at NordVPN. That’s due in part to the perceived naivete of young people who are living away from home for the first time. Scammers see college kids as easy targets for financial fraud, romance baiting on dating apps, and phishing attempts.
“An attack on a major institution guarantees media coverage, shows off the hacker’s skills, and exposes thousands of students and staff at once,” Briedis explained. “A single unchecked incident can escalate into a large-scale breach.”
According to NordVPN researchers, 109 breaches hit the global education sector in the last two years. 80 of those attacks affected colleges and universities. Hackers exposed email addresses in all of the breaches, while passwords and phone numbers made up nearly half of the stolen data. The hackers didn’t stop there, either, as 14% of the breaches revealed social security numbers.
To learn how parents can protect their kids from scams while they’re away from home, I spoke to Gary Orenstein, chief customer officer and resident “digital security dad” at Bitwarden. He told me that he picked up several digital security tips from the school safety office while dropping his children off at college recently. I’ll describe some of the scams that are specifically aimed at college students, followed by Orenstein’s tips for avoiding them.
Watch Out for These Scams Targeting College Students
Unfortunately, it’s really easy for scammers to contact college kids online. Universities are collaborative spaces, with online portals and special .edu email addresses. This makes communication a lot easier between faculty and students, but it also makes the school a prime target for online criminals. Here are some online scams frequently encountered by college-aged people.
(Credit: Jacob Wackerhausen via iStock / Getty Images Plus)Phishing Attempts
Orenstein said that the safety officer at his child’s university told him that student emails shouldn’t be considered totally private. “People know what the syntax is for a student's email address. First name, last name, you have it, “ he said. “They warn students to be aware that your school email is a target, just like your own personal email is a target.”
Scammers like to flood university mailing lists with spam emails containing phishing links. Sometimes these links contain malware that can infect your computer or the university’s network. Other phishing links lead to malicious websites where your kid can download apps that are essentially spyware or enter their banking information.
Internship or Job Offer Scams
Another popular scam you might see is fake job offer schemes. Scammers contact college students via email, social media, or text messages and offer them much-needed internships or job opportunities.
Here’s how the scam works: You click on a link and are taken to a web form where you input sensitive information like your phone number, physical address, or social security number. The scammer then collects all of that information (and sometimes charges you a "processing fee") and then disappears with your data and money.
Dating and Romance Scams
For many people, college is about a lot of firsts: your first time living away from your parents, your first time opening a bank account, and your first time wading through the dating pool. Apps may make finding a date a little easier, but those spaces are also overrun with scammers looking to prey on people who are looking for love.
In recent years, we’ve seen an uptick in dating scams on just about every app available, as so-called “romance baiters” lure in victims with flirty messages, and then convince them to hand over large sums of money. Sometimes the messages are requests to cover fake expenses, like asking you to buy a $500 plane ticket to meet in person. A scammer may also resort to sextortion and lure you in with promises of romance before threatening to blackmail you by sending private conversations to family members, friends, or school officials if you don't pay up.
Remember: Never give money to anyone you haven’t met in person. For detailed advice on detecting and fending off romance scams, see our story on dating app safety.
Deepfakes and Other AI-Assisted Fraud
The rise of AI brings with it new, more innovative scamming techniques. For example, Orenstein said, “Sometimes tickets to the football game can be hard to come by, and the scams around football tickets are rampant.” Scammers can use AI tools to generate fake football tickets or even fraudulent ticket-selling websites, and then the criminals sell the fakes at ridiculously high prices.
AI tools can also make incredibly accurate deepfakes of people you know, too. Using audio or video from YouTube, TikTok, or a Twitch stream, scammers can create AI versions of people who are familiar to you and trick you into buying fake concert tickets, for example. They can also ruin your spring break plans by using AI to create fake vacation listings on popular booking websites.
How to Fight the Freshman Fraud Epidemic
(Credit: SDI Productions via E+/Getty Images)Orenstein told me that the best way to avoid all of the scams above is to make smart internet hygiene part of your life. “We all know we need to watch what we eat, watch our exercise, keep up our mental well-being, and touch some grass, “ said Orenstein.
“When it comes to your online life, you need to put energy into being organized and making sure that you have a safe place to store and keep track of everything.”
The easiest way to establish safe online habits is to make everything as simple as possible. Below, I’ve included online hygiene tips that Orenstein shared, along with some easy-to-follow advice to avoid online scammers who prey on new campus arrivals.
Use a Password Manager
It’s a good idea to invest in a family password manager plan, so that you can easily get passwords for shared streaming accounts and store important documents, room key codes, and anything else that is a little too private to be sent from home or back to your parents as an email attachment.
Orenstein told me that when his daughter needed her birth certificate, for example, it didn’t take long for him to upload it to a shared folder within his family’s Bitwarden vault. “I said to her, ‘Give me five minutes.’ And there it was. I didn't have to email it and worry if she deleted it or erased it,” he said.
A password manager also helps to protect your accounts because it means you don’t have to remember your passwords. The app will generate new, unique passwords for all of your accounts, making it a lot harder for criminals to crack the codes and get inside. Also, data breaches happen every day, so if a service you use is hacked, a password manager makes it easy to change your passwords and then go about your day without panic or stress.
You can also use a password manager to enable multi-factor authentication (MFA) for your online accounts. Most of the password management apps I’ve tested include an authentication token generator for mobile devices. If you don’t want to use a password manager, you can verify your identity using an authenticator app, like 2FAS, a hardware security key, biometrics like a face or fingerprint scan, or even a phone call. Tip: If a website lets you create a passkey, you can use it to log in instead.
Update Devices Regularly and Review Privacy Settings
Criminals can access devices by exploiting out-of-date software. Combat hacks by enabling auto-updates for your devices and making sure their security patches are up to date.
It’s also a good idea to review the privacy settings on your computer and phone. From the Settings menu on all of your devices, you can filter spam calls and block scammy text messages. You can also set up your device's built-in tools to locate or wipe it remotely in case it's lost or stolen.
Stay Vigilant Offline and Online
Speaking of lost or stolen phones and laptops, it’s important to know where your internet-connected devices are at all times. “Many colleges have safety offices where you can register items like a phone or a laptop," Orenstein said.
If you ever get a bit forgetful and leave your laptop in the library or drop your phone in the dining hall, the university can track it down for you. Orenstein also recommended affixing external labels on all devices so that if someone finds your computer or Chromebook, it can be returned quickly.
As mentioned above, you'll likely share a lot of information over the university network. Remember to always log out of shared devices at school, like a library computer or a lab device.
Finally, many colleges and universities offer digital security, internet hygiene classes, and security software through their campus IT departments.
See Something? Say Something
Finally, report suspicious online activity to the university IT department or the administrator’s office. Rather than troubleshooting, seek help from professionals to solve a potential problem.
After reporting the incident to on-campus authorities, you should contact law enforcement or a government agency. They may not be able to help out right away, but reporting scams helps authorities build cases against criminals over time.
If you fall victim to a scam, don’t worry, you’re not alone. Lots of people are affected by online scams, which is why we have compiled a few simple ways to get your life back on track while recovering from financial fraud or another kind of online scam.