SMS
RSS feeds
Reddit
Newsvine
A recent survey by CompUSA showed that a majority of college students do not follow good computer security practices — in spite of the fact that 88 percent of college students keep sensitive information for bank accounts and credit cards, as well as driver’s license and Social Security numbers on their PCs and laptops.
The survey, released in early July, aimed to gauge how susceptible student populations were to phishing. Forty-one percent of respondents, though, did not even know what phishing is.
According to Andy Solterbeck, vice president and general manager of the Commercial Enterprise Business Unit at SafeNet, Inc., phishing is “when someone who is pretending to be a trustworthy source attempts to acquire sensitive data or personal identity information, which could include credit card information, account usernames, passwords, or social security numbers. This is usually done over the Internet, through e-mail, instant message or pop-up messages.”
Phishing e-mails include the less believable request for one’s bank account number so that an alleged “distant relative’s attorney” can deposit $25,000,000 into one’s account, along with the more convincing, such as those that appear to be from major banking corporations, requesting verification of account information, a password or personal information.
According to the CompUSA survey, nine percent of college students admitted to responding to such emails, and another 21 percent said they had given or had been tempted to give sensitive personal information over the Internet when they weren’t confident in the security of the Web site.
Solterbeck, however, offered definitive advice for dealing with uncertain Internet communication.
“The most apparent sign that an email or pop-up message is fraudulent is simply if it asks for personal or financial information,” he said. “Legitimate companies will not ask for this information via e-mail. If you aren’t sure if the e-mail sender is the company they say they are, call the company on a phone number that you know to be true and verify that the e-mail came from them. Also, be cautious when downloading any files from e-mails, or opening attachments; avoid it if possible.”
In addition to avoiding e-mails requesting personal information, CompUSA listed several precautions for avoiding identity theft, such as changing banking and other passwords regularly, locking laptops and cell phones when unattended, and having credit card or billing statements sent home, not to a school address.
Identity theft occurs from mistakes in such areas, and even on Stanford’s secure network. A rising sophomore who preferred to remain anonymous recently experienced identity theft via the University’s Axess Web site.
“Someone, somehow, gained access to my Stanford Axess account and set up direct deposit without my knowledge,” the student said. “I found out in July when I tried to collect my first paycheck of the summer. The money was tracked to a bank account in Arizona. I knew that my personal information security had been compromised, so I had the payroll people shut down direct deposit, and they recalled the money. I got my paycheck about a week later, but of course I had my credit checked.”
The student said the incident has yet to be completely resolved, but the security breach was corrected.
“The Stanford IT people were great,” the student said. “After I got in touch with them, they shut down my Axess account for the weekend and reset my password. My laptop was also examined. I can tell that Stanford takes the electronic security of its network very seriously.”
Solterbeck also recommends, though, that colleges utilize a “two-factor authentication, which is a combination of something physical — a token, the modern-day equivalent of a key for your computer — combined with the standard login procedures, your password.
“To put it in another way, proper two-factor authentication includes both something you have and something you know,” Solterbeck added.
Stanford does not require such physical keys to gain access to secure areas such as webmail or Axess, with the only requirements being a SUNet ID and password.
In a changing world of easier access and communication, Solterbeck recommends the similar rapid development of security measures to protect students. He encouraged talking to University leaders, who “can make a real difference and save you from identity theft.”
“The survey confirms the growing vulnerabilities that exist on college and university campuses,” Solterbeck said. “These vulnerabilities will only worsen if the implementation of better information security at the university-wide level is not made a priority. Today, electronic services such as e-mail, instant message and online banking are the standard forms of communications for students. Students need to be educated on not only what to do if they fall victim to phishing or identity theft, but also on how to proactively protect themselves before cyber thieves get the best of them.”
Increased cases of identity theft have led the Office of the Inspector General at the U.S. Department of Education to establish a Web site, www.ed.gov/misused, dedicated to informing students and parents about identity theft. Victims of identity theft can contact the Office of the Inspector General’s Identity Theft hotline at 1-800-MIS-USED. Additionally, the Stanford Residential Computing Security Web site is available at http://rescomp.stanford.edu/info/security