Phishing: how to avoid risks and stay safe online

The student’s view

After reading a number of worrying reports online about phishing attacks on students, I want to make sure that I don't fall victim to them while registering for my degree course and organising my student loan and university accommodation. 

I’ve been sharing a lot of sensitive, personal and financial information online, organising things such as accommodation deposits and setting up a new bank account for my student loan, but I’m aware of the threats posed by hackers and have taken steps to protect myself. I make an effort to check that websites are secure, try not to use public computers or wi-fi and have downloaded free two-factor authentication software. I want to encourage my fellow students to do the same.

While universities try their best to protect students, it’s inevitable that some unsolicited emails will bypass spam filters, resulting in students’ personal emails, which have been registered with student loan sites, being targeted. Students must be aware of these threats and be mindful of the best ways to mitigate such targeted threats.

Carrying out cyber security basics, such as keeping devices up to date, using strong passwords and not clicking on nefarious links, means that students will have the best chance of staying safe from attackers.

Charlie Dunne is a first-year modern languages student at the University of Birmingham.

---

Four things you need to do to survive university

---

The expert’s view

Term time is now in full flow and students are settling into their new surroundings. For many, this is their first time away from home and the first time they have control of their own finances, including responsibility for their student loans. 

The process of obtaining student loans and grants requires individuals to share masses of personal data about themselves and their guarantors, who are usually their parents. It also means that they register with multiple new websites, make new friends on social media and sign up to various freshers’ events, all of which present an opportunity for opportunistic hackers to steal personal details.

Students must stay vigilant to the phishing risk as attacks become more targeted and sophisticated, especially in light of a new report from Get Safe Online revealing that young people are more than twice as likely to fall prey to online scams as the older generation.

One of the best ways in which students can protect themselves from falling for phishing attacks is by staying vigilant online and incorporating good cyber security practice in their online activity.

For example, creating strong passwords that are not reused across several accounts and deleting any unsolicited messages that ask for passwords or personal data in emails are basic steps of good practice online.

This is now more important than ever because of the evolution of phishing attacks that have been specifically tailored towards students. Typos and obvious misspellings used to be clear indicators of a phishing email, but today’s phishing emails are more sophisticated in appearance.

To stand the best chance of not falling prey to phishing attacks, students must ensure they install security updates on the apps on their devices, as well as the devices themselves, such as smartphones, tablets or laptops, as soon as they are available. Many attacks delivered via phishing campaigns can target out-of-date systems or unpatched software.

In addition, students must remain alert when signing up to events. Universities have warned students in the past about this threat and hackers can easily set up a fake event page to harvest various details including email addresses and passwords. For example, a hacker can create a fake nightclub event page and ask for students’ details so that they’re guaranteed to be on the guest list. These details can be sold on the dark web. It’s important for students to be aware that most legitimate events are sponsored through the various student unions with their own official stamps and registered societies on campus.

Henry Seddon is the VP EMEA of Duo Security.