College Students an At-Risk Group for Identity Theft

ID Theives and HackersAs the fall semester continues, new scams and fraud attempts have been directed at college students, making them one of the most at-risk demographics for scamming and identity theft, according to USA Today.

There are a number of reasons as to why college students are more at-risk than other groups. According to a USA Today article published on Sept. 8, there is a “growing cybersecurity threat at schools and other large institutions” since entire databases of student and faculty information are kept, similarly to how large companies or health care providers keep databases of their clients. If illegally accessed, the results can be disastrous.

The Internal Revenue Service (IRS) has published more back-to-school warnings, advising students of a fraud where scammers try to get students to put money on iTunes cards to pay off fraudulent bills that related to falsified things such as a “federal student tax.” No such tax exists, according to the IRS.

Other scammers use the threat of a lost semester in their favor – they call students, pretending to be from the office of college admissions, and say that the student will be dropped from classes if they don’t make a payment on their bill immediately. Some callers demand the money be paid on hard-to-trace gift cards, such as iTunes cards.

At Monmouth, a username and password gives access to WebAdvisor, eCampus, and a student’s Monmouth e-mail account. WebAdvisor alone contains lots of personal information such as names, full addresses, and financial information. In the case of the scam, the hacker then goes into the campus system to change where the paycheck is directly deposited to.

At the University , a username and password gives access to WebAdvisor, eCampus, and a student’s Monmouth e-mail account. WebAdvisor alone contains lots of personal information such as names, full addresses, and financial information. In the case of the scam, the hacker then goes into the campus system to change where the paycheck is directly deposited to.

“Young folks are generally less guarded and less careful than older folks, and that extends to their computing and online resources,” said Joseph Chung, a UNIX Administrator teacher in the Computer Science and Software Engineering department. “I noticed that in my classes, which are usually held in computer labs, when we take breaks or when students need to take a restroom break, they leave their login sessions unlocked.”

According to the USA Today article thieves can also target students who work on campus. Hackers can log into a students account to change where their paycheck is directly deposited to. However, according to the University this would be hard for hackers to accomplish at Monmouth. “The Payroll Department never sends emails requesting verification of account information,” said Mary Cadigan, the University’s Manager of Payroll Services. “We require [student] employees to complete the authorization for direct deposit form along with backup from their financial institution. If an employee wants to add an additional account or change what they already have in place they must complete a new authorization for direct deposit form,” she said.

“Once employee self-service (ESS) is activated for direct deposit, the employee would have to use their log on information in order to add, change, or remove direct deposit information. If anything is done online regarding direct deposit, they will receive an email stating that their request is pending approval from the payroll department,” Cadigan added.

According to Cadigan, the payroll department will only contact an employee regarding direct deposit if the pre-note is rejected by the bank for incorrect information. In that situation, the employee would be required to bring proof of their proper account information to the office.

Chung said, “If students want to be protected, it would mean giving up some conveniences because security and convenience always seem to be at odds. They might have to give up conveniences such as storing payment methods like credit card numbers online. It could also mean not saving cookies and passwords for websites, even on computers and mobile devices they use frequently.”

Chief of Monmouth University Police Department (MUPD) William McElrath also mentioned a few more scams. One included buying books online in which the thief will steal the supplied credit card information and the books will never be received.

A Monmouth University student was a victim of one of the above scams. “As a science major, my textbooks are expensive,” said a senior biology student who wished to remain anonymous for privacy reasons. “I always try to find them cheaper online, and usually it’s okay. This year I saw a site that had pretty low prices – not so ridiculously low that you’d think it was a scam, but low enough to seem legitimate. I ordered about six textbooks for most of my classes and I never received them. At first I assumed it was just taking a while for them to arrive but when I checked by bank statements I realized there were purchases being made that I hadn’t made. It was pretty obvious what had happened.”

The majority of the student’s money was recovered, and he/she said that after cancelling his/her debit card, changing some bank information, and replacing it with a new card, the student had had no further problems.

“I’m just lucky it didn’t go any further than a few fraudulent purchases,” he/she said. “You see some people and they get their information stolen and their entire lives are ruined. I got lucky. But it’s still scary, and scams like these are subtler – it’s something students need to be aware of.”

College students can also be at risk if they leave important information in unsecured dorm rooms.

“We always recommend keeping everything valuable in a safe with a lock,” said Natalie Toro, a junior year biology major who is a residential assistant reserve educator (RARE), meaning that if a current RA needs to be replaced, she would step in. “Important documents would definitely be recommended to be locked up. If something is stolen we contact the building area coordinator and MUPD. A report has to go out and then the student meets with a detective so they can try to find the person. The AC would also look at the lobby cameras.”

According to the Indiana University Center for Applied Cybersecurity Research, students should keep all important documentation in a secure, hidden location, and shred any papers involving personal and/or financial information.

McElrath said that students must be careful and protect their information. “This includes their driver’s license number, debit card information, credit card information, and social security number information. Students should be suspicious of any solicitations, whether e-mail, phone, or letters, asking for any of the above information,” he said.

“Students should be reminded to be very careful of scams. They should also be reminded that if they are victims of these scams, they should report it to the police department. MUPD will investigate the matter if a student or the University has been victimized,” McElrath added.