College Students Most Likely to Be Victims of Identity Fraud and Ransomware

Learn the Risks and the Steps You Can Take to Avoid Becoming a Statistic

Hacker on a laptop
Andrew Brookes / Getty Images

College students may be among the most digitally-connected members of society, but they are also among the most vulnerable for both identify fraud and ransomware. These students, who use digital devices as the primary means of taking notes in class, and completing assignments and other course–related tasks, spend a considerable amount of time online and should be aware of cyber risks and know how to remain secure.

In a Javelin Identity Fraud study, college students were the demographic segment least likely to be concerned about fraud. Over 64% of college students said they are not worried about becoming a victim of identity theft. However, they are four times as likely to become victims of “familiar” fraud. This group is also less likely to find out on their own that they were victims. In fact, 22% only found out when they were contacted by a debt collector demanding payment for a past due bill that they were not aware of, or when their application for credit was denied although they thought they had good credit.

However, identity fraud is not the only concern for college students. A Webroot survey reveals that this group may be the most vulnerable to ransomware attack. What's more, they are less likely than older generations to understand the costs of retrieving data lost in a ransomware attack. 

So what is ransomware? According to Jason Hong, head of the research group at the Carnegie Mellon University School of Computer Science CHIMPS (Computer Human Interaction: Mobile Privacy Security) Lab, it’s a type of malware that holds the victim’s data hostage. “The malware scrambles your data and makes it so that you can't access it, unless you pay a ransom, typically in Bitcoin,” Hong says.

In the Webroot survey, when students were asked how much they would pay to get back stolen data being held for ransom, $52 was the average amount college respondents said they were willing to hand over. Some of the specific amounts they would pay:

  • $29 for a dating profile
  • $52 for a term paper
  • $78 for a banking login
  • $86 for private photos

However, ransomware payments are usually much higher – typically between $500 and $1,000 according to the survey. Also, Hong says there’s no guarantee that victims can actually recover their data. “Some people have been able to by paying the ransom, while others have not,” Hong warns.

And that’s why Lysa Myers, security researcher at ESET,  says she would advise students against paying criminals - even though it may seem like the easiest way to retrieve data. “Ransomware authors are under no obligation to actually give you back what you pay for, and there have been plenty of cases where either the decryption key did not work, or the note asking for ransom never even appeared.”

After all, it’s not like you can contact their tech support department or file a complaint with the Better Business Bureau. And even if you get the files back, your payment may have been in vain. “The encrypted files can essentially be considered damaged and beyond repair,” Myers warns.

Instead, the best defense is a good offense, and both Hong and Myers advise students to focus their efforts on avoidance.

So what’s the best way for students to avoid becoming a statistic? Our two cybersecurity experts provide several tips.

Back It Up

Hong stresses the importance of regularly backing up your data. “Keep your most important files on a separate backup hard drive, or even on cloud services,” Hong says.

However, for this plan to work, Myers explains that your Plan B (whether it is a USB drive or a cloud or network file) needs to be disconnected from your devices and networks when you’re not using it.

Keep Software Up to Date

If you’re running outdated software with known vulnerabilities, Myers says you’re a sitting duck. “It can significantly decrease the potential for malware infection if you make a practice of updating your software often,” Myers says. “Enable automatic updates if you can, update through the software’s internal update process, or go directly to the software vendor’s website.”

For Windows users, she also recommends another step. “On Windows, you may wish to double-check that the old – and potentially vulnerable – versions of the software are removed by looking in Add/Remove Software within the Control Panel.”   

However, Hong warns that students also have to be careful when installing updates.  “A lot of malware and ransomware are designed to trick you into installing them,” Hong says. “They might pretend to be anti-virus, or say that you need to update your browser but don’t do it!” If the software update isn’t from a source that you typically use, go to a reputable website to download it.

Disable Macros in Microsoft Office Files

Here’s another tip for Office uses. “Most people may not be aware that Microsoft Office files are like a file system within a file system, which includes the ability to use a powerful scripting language to automate almost any action you could perform with a full executable file,” Myers explains. And apparently, this threat is severe enough that Microsoft included it in the company’s malware statistics report. However, you can block or disable macros from running in Microsoft Office files.

Show Hidden File Extensions

While you may not have been paying attention to your file extensions, you can help to prevent attacks by revealing those extensions. According to Myers, “One popular method malware uses to appear innocent is to name files with double extensions, such as .PDF.EXE.” Although file extensions are hidden by default, if you change the setting to see the full ​file extension, you’ll be able to observe files that look suspicious.

And Hong adds, “A lot of these suspicious files will be caught by spam filters, but check the file extension of attachments before downloading and opening them and avoid anything with a .exe or .com extension.”

Cybercriminals may be getting smarter, but by implementing these steps, students may be able to stay one step ahead.