eFraud Prevention.com - Creating security minded people

E-Learning Fraud Safety Courses

Card Safety College Students Home Network & Office Identity Theft Investing Mobile Phone / Text Online Shopping Phishing Scams & Hoaxes Senior Citizens Small Business Fraud Social Media Travel

College Student Safety Wi-Fi Networks

In order for a thief to steal a college student's identity, they must first obtain the necessary information which allows them to “become” the college student, at least in the eyes of lending institutions and other financial companies. How easy this task is depends on how vigilant a student is about protecting their personal information.

Pre-approved credit offers monthly. Those mass-mailed forms, usually partially filled out with the recipient’s information such as name, address, and other personal data is fantastic opportunity to steal a person’s identity. If the recipient is not interested in the offer and simply throws away the form, it is one of the most common documents used by identity thieves. By picking the offer out of the trash can, the thief can then fill in the rest of the blanks and send it in or simply call the toll free phone number provided on the form, allowing them near instant access to one aspect of the victim's identity.
Bank Accounts. Another manner in which identity theft occurs is when thieves get their hands on personal banking account information, such as a checking or savings account statement. Anyone who does not balance their account is at risk of incurring fraudulent charges, simply because they do not keep track of what charges are legitimate. Oftentimes, the thief steals by withdrawing money in small increments - not enough to stand out as a glaring error to the casual observer but enough to build up to a large amount over time.
Social Security Number. Another danger to college students is their Social Security Number. Many college courses require a student to use their Social Security Number to log in to websites used to post homework assignments and other course communications. The university may also use that number as an identifying number in the administration office. It is very easy to forget to exercise caution when using a Social Security Number, particularly when it is used so often. Lax computer security or evens something as simple as a criminal watching a student enter the number, allows a thief can quickly and easily gain access to the Social Security Number, which is the key to obtaining additional information about an individual.
Computers / Laptops / Tablets. Computers and laptops also pose a threat that many students don't think about. Many students use a laptop every day in class to take notes and organize coursework documents. But what if that computer is stolen? What would a thief find inside? Most students in today’s world use their computers to access online banking, pay bills, order merchandise, and communicate in just about every other aspect of their lives, too. If personal and account information is stored on the hard drive, the thief has instant access to very information that makes it possible for them to assume the student's identity.

Of course, students also shouldn't overlook one of the most common ways to steal someone’s identity - stealing a wallet, purse, or backpack. This can even occur in the student's dorm room, particularly if parties or unfamiliar guests are common, and they usually are in college dorms. Students should exercise the same security at home as in any unfamiliar environment.

How students can protect against identity theft:

Lock your door. This is the single most important way to keep your computers secure.
Don't assume your desktop computer is safe. Invest in some inexpensive cables designed to tether the CPU to something immovable in the room.
Use password protection. Adjust your computer settings to prompt for a password anytime the computer is used. Change that password from time to time.
Don't reveal too much. Social networking sites may ask for your birth date, but birth dates are a boon to identity thieves. Likewise, do not reveal any other personal info on these public sites, or in response to any e-mail requests for your Social Security number, credit card numbers, or other data, even if it's from a familiar-sounding company. Always err on the side of caution. For example, if you receive an e-mail that says it's PayPal and wants to verify your credit card number, call PayPal directly from the number listed on its Web site - NOT from any information in that e-mail. If you simply send your credit card number in response to that e-mail, you could find yourself stuck with a maxed-out credit card and a host of negative credit report problems.
Keep thorough records. If your laptop is stolen, can you provide a full description for the police? Write down your computer's make, model, color and most importantly, the unique serial number, which acts as a key identifier, much like the vehicle identification number (VIN) on a car. You might also need this information in case you want to file an insurance claim.
Install a tracking device. Use a GPS tracking device that runs invisibly on the computer to relocate the stolen property.
Use a multi-layered security approach. Consider software that provides permanent tagging, GPS tracking, covert data recovery, remote data deletion, stolen property tracing, and property registration.
Start shredding. Search and preview the personal data (both your data and anyone else's data that might be on your computer), including credit card numbers, Social Security number(s), birth dates, tax returns and financial aid documents, on your computer. You then have the option to digitally shred, encrypt, or redact that information, depending on your needs. Students can also find free digital shredder software online.
Contact your college's IT department about network security. Many colleges provide security software or other services free to their students. Before you purchase a specific computer protection system, check with the IT department of the college to ensure that system is compatible with the college's network, or you'll be tossing money out the window.

Crimes that target college students:

The tuition scam. The fraudster calls or emails a student, claiming to be from the college admissions department. Sometimes the crook spoofs IDs to make it look like he's coming from a legitimate organization. The scammer claims the student's tuition fee is late and claims the student will be immediately dropped from classes if a payment isn't made immediately by credit card. Students need to hang up immediately on such calls and contact the college's admissions department directly.
Bad behavior. Students are notorious for their hard-partying, free-spirited lifestyles in college. But behind every smartphone is a camera that can photograph and videotape embarrassing indiscretions -- which can later be used against the student to extort money. There are people who will pretend to like you but are actually setting you up for blackmail. Students should think twice about their actions while at college - especially if they're drinking.
Fake credit cards. Some credit card offers are fake, aimed at getting naïve students to hand over personal information - or lure them to sites that have malware or add malicious software to the student's computer. The credit card world is laden with scams, and college students, being new to the credit game, are particularly susceptible. Be wary of signing up for cards from issuers you’re not familiar with–and not only credit cards, but prepaid debit as well. You risk the chance of relaying information to a phony lender and potential identity thief. And even the card is actually available and functioning, you need to be exceedingly cautious about hidden fees and unreasonable rates. Know what to expect from a credit card. If you see an APR of 25% or more, or an annual fee of $30 or more, you should be concerned.
Passwords. Everyone knows they should never use simple or easy-to-use passwords on email accounts or other sites and never use the same password on multiple sites. But students need to be particularly savvy about where they store those passwords, as leaving them on smartphones and laptops in college dorms make them vulnerable to theft.
Advance Fees. If someone offers to find a student a loan, job, scholarship or other service for a "fee," it's likely a scam. This is particularly true if the scammer says a "scholarship is guaranteed or your money back" or claims "you can't get this information anywhere else" or insists on a credit card to "hold" the scholarship. In general, the higher the fee, the more suspicious the person should be.
Online books. Never buy books online without first checking out reviews or talking to friends to validate the site or seller. Books are drastically discounted in this con. Thieves steal your credit card information when you submit your order online, and the books you order are never delivered. Remember to make online purchases only through a reputable, secured website.
Non-existent Apartments. Never agree to rent an apartment without seeing it first - both inside and outside - and meeting with the landlord. This scam is simple: Offer a great apartment, collect rent or a deposit over the phone for a place you don't own, and then disappear.
Check cashing. In this scam, a "friend" asks the student to cash a check for him - and might even offer to let the student keep some of the cash for the trouble. Once the check is deposited, it bounces, and the student is out both the money and a returned check fee.
Wi-Fi. College students, more than anyone, spend mountains of time online via Wi-FI at coffee shops, restaurants and parks. Hackers and thieves prey on them by setting up an alternative Wi-Fi site - often dubbed a "man in the middle" site - that looks similar to the main site but is actually a scammer trying to get students to connect to their site where they steal a person's information.
Social security number. Never Give Out A Social Security Number - Students are often too trusting and open, and geared toward answering questions and information. If someone's credit card is stolen, it can be canceled and a new card issued. But if a Social Security number is stolen, the repercussions can last a lifetime. When a scammer gains access to your social security number, they have an option on your life and you have to look over your shoulder for the rest of your life. "
Spear phishing. Emails are being sent to university employees that appear to be from their employer. The e-mail contains a link and claims some type of issue has risen requiring them to enter their log-in credentials. Once employees provide their user name and password, the perpetrator accesses the university’s computer system to redirect the employees’ payroll allocation to another bank account. The university employees’ payroll allocations are being deposited into students’ accounts. These students were hired through online advertisements for work-at-home jobs, and provided their bank account information to the perpetrators to receive payment for the work they performed.
Check fraud. Scammers are posting online advertisements soliciting college students for administrative positions in which they would receive checks via the mail or e-mail. Students are directed to deposit the checks into their accounts, and then print checks and/or wire money to an individual. Students are never asked to provide their bank account information to the perpetrators.
Data Breaches. Some universities have been victims of intrusions, resulting in the perpetrators being able to access university databases containing information on their employees and students.
Mystery shopping. Students receive emails or promotions for a website where they can register to become a secret shopper. Once signed up, they’re then told they must pay a fee for more program information to continue the application process. Never pay money upfront for a job. Legitimate job offers will not require payment. If you are interested in this type of work, you can search through legitimate assignments at the Mystery Shopping Providers Association (MSPA) website at mysteryshop.org.
Address farming. Thieves target large groups of students in this scam. They promise members of Greek organizations, and other types of clubs, discounted interest rates on credit cards or other services—all of which are bogus. In turn, scammers require group members to provide their addresses and personal information, enabling them to steal students' identities.
Fake credit card applications. Thieves mix in with representatives of legitimate credit card companies who are on campus handing out credit card applications. The thieves collect applications you’ve filled out, then steal your information so they can rip you off on your new credit card. Typically, they skim off your card slowly each month, relying on the fact that most students usually don’t read their statements. You can avoid this scam by applying for a credit card only through a known entity such as your bank or credit union.
Student loan and scholarship scams. Crooks ask students for an advance fee in order to secure their student loans. The requested amount can be 3 to 4 percent of the loan. Or, they make up a fee in order for students to apply for a scholarship. Don’t fall for these scams. Legitimate student loan agencies and scholarship providers never ask for money upfront.
Social media scams. One technique involves scammers setting up fake pages for universities and reaching out to the college’s students to acquire e-mail addresses. Phony pages and profiles are created to harvest personal information. In its most innocuous incarnation, this sort of scam means an inbox full of spam. In its most hostile form, social media fraud can result in identity theft. To avoid these scams, add only friends you know, limit the information you post online, and be wary of invitations to “like” pages.

Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.

To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information.

Remember – any device could be at risk. Laptops, smartphones, and tablets are all susceptible to the wireless security risks.
Treat all Wi-Fi links with suspicion. Don’t just assume that the Wi-Fi link is legitimate. It could be a bogus link that has been set up by a cybercriminal that’s trying to capture valuable, personal information from unsuspecting users. Question everything – and don’t connect to an unknown or unrecognized wireless access point.

It's pretty easy for someone who wants to intercept your data in a man-in-the-middle attack to set up a network called "Free Wi-Fi" or any other variation that includes a nearby venue name, to make you think it's a legitimate source.

WINDOWS: If you are connecting via Windows, make sure to turn off file sharing and mark the Wi-Fi connection as a public network. You can find this option in the Control Panel > Network and Sharing Center > Change Advanced Sharing Settings. Under the Public heading, turn off the file sharing toggle. You may also want to turn on the Windows Firewall when connecting to a public network if it's not already activated. These settings are also found in Control Panel > Windows Firewall.

MAC: Open up System Preferences and navigate to the Sharing icon. Then, untick the checkbox next to File Sharing. Here's a full rundown on how to disable sharing and removing public home folder sharing options in OS X. You can also turn on the firewall within OS X by heading to System Preferences, Security & Privacy and click the Firewall tab.

Don’t Assume a Wi-Fi Hotspot is Secure. Most Wi-Fi hotspots do not encrypt the information you send over the internet and are not secure.
When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. If you use an unsecured network to log in to an unencrypted site - or a site that uses encryption only on the sign-in page - other users on the network can see what you see and what you send.

They could hijack your session and log in as you. New hacking tools — available for free online — make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.

An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.

Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals – that are lurking on the network – from intercepting your data.
Try to verify it’s a legitimate wireless connection. Always confirm the legitimacy of a Wi-Fi network before connecting to it; do not rely on the name alone. If there are multiple access points for the same venue, ask a staff member which one to use. Some bogus links – that have been set up by malicious users – will have a connection name that’s deliberately similar to the coffee shop, hotel, or venue that’s offering free Wi-Fi. If you can speak with an employee at the location that’s providing the public Wi-Fi connection, ask for information about their legitimate Wi-Fi access point – such as the connection’s name and IP address.
Avoid using specific types of website. It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords, or personal information – such as social networking sites, online banking services, or any websites that store your credit card information.
Software. Never install software while using public Wi-Fi, as it could introduce viruses into your computer. For example, a common attack is to inform the user that his browser is using outdated Flash and then redirect the user to a fake Adobe website that will install a virus instead of the real software.
Forget the network. Once you are all done with your Web browsing, make sure to log off any services you were signed into. Then, tell your device to forget the network. This means that your phone or PC won't automatically connect again to the network if you're in range.

Windows: Uncheck the "Connect Automatically" checkbox next to the network name before you connect, or head to Control Panel > Network and Sharing Center and click on the network name. Click on "Wireless Properties" and then uncheck "Connect automatically when this network is in range."

Mac: Go to System Preferences, go to Network, and under the Wi-Fi section click Advanced. Then uncheck "Remember networks this computer has joined." You can also individually remove networks by selecting the name and pressing the minus button underneath.

Android: Enter into your Wi-Fi network list, long press the network name and select "Forget Network." On iOS, head to Settings, select Wi-Fi networks, click the "i" icon next to the network name and choose "Forget This Network." As an extra precaution, you should also turn on "Ask To Join Networks" which is also found in the Wi-Fi networks menu.

Enable two-factor authentication. It's good practice to enable two-factor authentication on services that support it. This way, even if someone does manage to sniff out your password when on public Wi-Fi, you have an added layer of protection. Also, use one form of two-factor for logging in, and a second, different two-factor combo for recovery.

eFraud Prevention™, LLC